Revision Note: Advisory updated to reference a CVE and to clarify that this issue is anonymously exploitable on Windows 2000 Service Pack 4. Advisory Summary:Microsoft is aware of public reports of proof-of-concept code that seeks to exploit a possible vulnerability in Windows 2000 SP4 and Windows XP SP1. This vulnerability could allow an attacker to levy a denial of service attack of limited duration. On Windows XP SP1, an attacker would need to have a valid logon on the system. For Windows XP SP1 users, an attacker must have valid logon credentials to try to exploit this vulnerability. The vulnerability could not be exploited remotely by anonymous users. However, the affected component is available remotely to users who have standard user accounts. In certain configurations, anonymous users could authenticate as the Guest account. Also, customers who have installed Windows XP Service Pack 2 are not affected by this vulnerability. Additionally, customers running Windows Server 2003 and Windows Server 2003 Service Pack 1 are not affected by this vulnerability.

More...