DOCUMENT:Q154087 TITLE :Access Violation in LSASS.EXE Due to Incorrect Buffer Size PRODUCT :Microsoft Windows NT PROD/VER:4.00 OPER/SYS:WINDOWS KEYWORDS:kbbug4.00 kberrmsg kbfile kbfix4.00 ntsecurity NTSrvWkst ntstop -------------------------------------------------------------------------- The information in this article applies to: - Microsoft Windows NT Workstation version 4.0 Service Pack 3 - Microsoft Windows NT Server version 4.0 Service Pack 3 -------------------------------------------------------------------------- SYMPTOMS ======== While running Windows NT, you may receive an Access Violation error message in Lsass.exe. After this error occurs, you cannot logon locally and the administrative tools that rely on LSA/LSARPC (such as Event Viewer and Server Manager) do not function. CAUSE ===== The failure occurs when a remote client connects to the Local Security Authority over a named pipe and passes an incorrect buffer size (fragment length). RESOLUTION ========== Microsoft has updated Lsasrv.dll to correct this problem and posted the updated version to the following Internet location. NOTE: Lsa-fix has been superseded by Lsa2-fix. You can find the latest hotfix at the following Microsoft ftp site: ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/ hotfixes-postSP3/lsa2-fix/ NOTE: The above link is one path; it has been wrapped for readability. You can find the original hotfix at the following Microsoft ftp site: ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/ hotfixes-postSP3/archive/lsa-fix/ NOTE: The above link is one path; it has been wrapped for readability. WARNING: If you install the original (archived) version of this hotfix AFTER you apply the later version, your system may become unusable. Microsoft does not recommend you install the original hotfix after applying the later version. STATUS ====== Microsoft has confirmed this problem could result in some degree of security vulnerability in Windows NT version 4.0. A fully supported fix is now available, but it has not been fully regression tested and should only be applied to systems determined to be at risk of attack. Please evaluate your system's physical accessibility, network and Internet connectivity, and other factors to determine the degree of risk to your system. If your system is sufficiently at risk, Microsoft recommends you apply this fix. Otherwise, wait for the next Windows NT service pack, which will contain this fix. Please contact Microsoft Technical Support for more information. Additional query words: prodnt 4.00 ============================================================================ THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.