08.15.01. The "NNTP Service Contains Memory Leak" patch eliminates a vulnerability in the NNTP (Network News Transport Protocol) service in Windows NT 4.0 and Windows 2000. The NNTP service contains a memory leak in a routine that processes news postings. Each time such a posting is processed that contains a particular construction, the memory leak causes a small amount of memory to no longer be available for use. If an attacker sent a large number of posts, the server memory could be depleted to the point at which normal service would be disrupted.
08.02.01. This Security Rollup Package (SRP) is a cumulative update for Windows NT 4.0 that includes every fix that has been released for winNT 4 since the release of Service Pack 6a (SP-6a). SP-6a must be installed before installing the security update. A complete list of the 70+ fixes in this update can be found here.
07.30.01. The "Malformed RPC Request Can Cause Service Failure" patch eliminates a vulnerability in Microsoft Exchange, SQL Server, Win NT 4 and Win 2000 that exists due to several of the RPC servers associated with system services not adequately validating inputs, and in some cases accepting invalid inputs that prevent normal processing.
02.14.01. The "Malformed PPTP Packet Stream" patch eliminates a vulnerability in Windows NT 4.0 servers providing secure remote sessions that could allow an attacker to prevent an affected machine from providing useful service.
02.08.01. The "NTLMSSP Privilege Elevation" patch eliminates a vulnerability in Windows NT 4.0 that could allow a locally logged on user to grant herself administrator level privileges due to a flaw in the NTLM Security Support Provider (NTLMSSP) service.
01.05.01. The "Winsock Mutex" patch eliminates a vulnerability in Windows NT 4.0 that could allow a malicious user to run a special program to disable an affected computer's network functionality. This is due to a particular mutex -- a synchronization object that governs access to resources -- having "inappropriately loose permissions".
