VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 4, 1999· Updated Apr 16, 2026

CVE-1999-0899

CVE-1999-0899

Description

The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In Windows NT 4.0, a local user can execute arbitrary commands as SYSTEM by specifying an alternate print provider due to inappropriate permissions.

Vulnerability

The Windows NT 4.0 print spooler contains a privilege escalation vulnerability (CVE-1999-0899) due to incorrect permissions that allow a local user to specify an alternate print provider [1]. Print providers run in the local System context. Affected versions include Windows NT 4.0 Workstation, Server, Enterprise Edition, and Terminal Server Edition [1].

Exploitation

An attacker must have a local user account on the target system; no special group membership is required [1]. The attacker can specify their own code as a print provider, which the spooler will load and execute. This vulnerability cannot be exploited remotely [1].

Impact

Successful exploitation allows the attacker to execute arbitrary code in the context of the local System account, thereby gaining full control of the affected machine [1].

Mitigation

Microsoft released a patch in Security Bulletin MS99-047 to address this vulnerability [1]. The patch is available for all affected Windows NT 4.0 editions. No workarounds are documented in the bulletin. This CVE is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.

References
  1. Microsoft Security Bulletin MS99-047 - Critical

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

8
  • Microsoft/Windows Nt7 versions
    cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp2:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp3:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp4:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp5:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_nt:4.0:sp6:*:*:*:*:*:*
  • Microsoft/Windows NT 4.0llm-fuzzy
    Range: =4.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.