High severity7.5NVD Advisory· Published Dec 31, 1999· Updated Apr 16, 2026

CVE-1999-1127

Description

Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability.

Affected products

Microsoft/Windows Nt4 versions
cpe:2.3:o:microsoft:windows_nt:4.0:-:*:*:enterprise:*:*:*+ 3 more
- cpe:2.3:o:microsoft:windows_nt:4.0:-:*:*:enterprise:*:*:*
- cpe:2.3:o:microsoft:windows_nt:4.0:-:*:*:server:*:*:*
- cpe:2.3:o:microsoft:windows_nt:4.0:-:*:*:terminal_server:*:*:*
- cpe:2.3:o:microsoft:windows_nt:4.0:-:*:*:workstation:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.microsoft.com/support/kb/articles/Q195/7/33.aspnvdBroken LinkPatchVendor Advisory
docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-017nvdPatchVendor Advisory
www.iss.net/security_center/static/523.phpnvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.024
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000