CVE-1999-0728

Vulnerability

The vulnerability exists in Windows NT 4.0 (all editions) where IOCTLs to keyboard and mouse drivers do not require administrative privileges. A user-level program can call these IOCTLs to disable input devices. Affected versions: Windows NT Workstation 4.0, Server 4.0, Server 4.0 Enterprise Edition, and Terminal Server Edition [1].

Exploitation

An attacker needs local access to the system with a standard user account. They can run a program that makes direct IOCTL calls to disable the keyboard or mouse. No special authentication beyond user-level access is required [1].

Impact

Successful exploitation results in denial of service: the keyboard and mouse become non-functional. The machine must be rebooted to restore normal service. On Terminal Server, only the console keyboard and mouse are affected [1].

Mitigation

Microsoft released a patch in July 1999, as detailed in Security Bulletin MS99-024 [1]. The patch is available for all affected Windows NT 4.0 versions. No workaround is documented. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.