Microsoft Windows NT
Recent Microsoft Windows NT Security Advisories
Advisory | Title | Published |
---|---|---|
CVE-2024-30081 | Windows NTLM Spoofing Vulnerability | July 9, 2024 |
CVE-2023-36398 | Windows NTFS Information Disclosure Vulnerability | November 14, 2023 |
CVE-2023-24900 | Windows NTLM Security Support Provider Information Disclosure Vulnerability | May 9, 2023 |
CVE-2023-28225 | Windows NTLM Elevation of Privilege Vulnerability | April 11, 2023 |
CVE-2023-21746 | Windows NTLM Elevation of Privilege Vulnerability | January 10, 2023 |
CVE-2022-35770 | Windows NTLM Spoofing Vulnerability | October 11, 2022 |
CVE-2022-26933 | Windows NTFS Information Disclosure Vulnerability | May 10, 2022 |
CVE-2022-23298 | Windows NT OS Kernel Elevation of Privilege Vulnerability | March 8, 2022 |
CVE-2022-23297 | Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability | March 8, 2022 |
CVE-2021-43230 | Windows NTFS Elevation of Privilege Vulnerability | December 14, 2021 |
By the Year
In 2024 there have been 0 vulnerabilities counted under Microsoft Windows NT, and none were counted under it in 2023 either. The advisories listed above are filed under component names (NTLM, NTFS, the NT kernel) rather than under the Windows NT product name, so they are not reflected in these totals.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Windows NT vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Windows NT Security Vulnerabilities
CVE-2010-0232 | 7.8 - High | January 21, 2010
The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."

CVE-2008-4609 | October 20, 2008
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
Weakness: Configuration

CVE-2008-1086 | April 08, 2008
The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
Weakness: Code Injection

CVE-2005-4717 | December 31, 2005
Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
CVE-2004-0210 | 7.8 - High | August 06, 2004
The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
Weakness: Classic Buffer Overflow

CVE-2003-1048 | 7.8 - High | July 27, 2004
Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
Weakness: Double-free

CVE-2003-0813 | November 17, 2003
A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.
Weakness: TOCTTOU

CVE-2002-0862 | October 04, 2002
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
Weakness: Improper Certificate Validation
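The CVE-2002-0862 entry describes a chain builder that checks signatures and issuer names but not whether each signer was permitted to act as a CA. The following is an added example, not CryptoAPI code and not from the advisory: certificates are small records, and an HMAC keyed with a constructed per-name secret stands in for the issuer's signature, so only the chain-policy logic is real. The names (Root CA, Sub CA, www.example.com, www.bank.example) and key material are assumptions of the example. It shows the flawed policy accepting a "www.bank.example" certificate signed with an ordinary server's key, the corrected policy rejecting it because that signer carries no CA Basic Constraint, and the same policy enforcing pathLenConstraint.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed key material (assumption): one private key per name. Real
# certificates carry an asymmetric signature; the HMAC only plays that role.
_PRIVATE_KEYS: Dict[str, bytes] = {
    "Root CA": b"root-secret",
    "Sub CA": b"sub-secret",
    "www.example.com": b"example-secret",  # an ordinary server, not a CA
}


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    ca: bool                 # basicConstraints cA flag (False when absent)
    path_len: Optional[int]  # pathLenConstraint; None means unlimited
    signature: bytes


def _to_be_signed(subject: str, issuer: str, ca: bool, path_len: Optional[int]) -> bytes:
    return f"{subject}|{issuer}|{ca}|{path_len}".encode()


def issue(issuer: str, subject: str, ca: bool = False, path_len: Optional[int] = None) -> Cert:
    """Sign a certificate for `subject` with `issuer`'s key."""
    sig = hmac.new(_PRIVATE_KEYS[issuer], _to_be_signed(subject, issuer, ca, path_len), hashlib.sha256).digest()
    return Cert(subject, issuer, ca, path_len, sig)


def signature_valid(cert: Cert) -> bool:
    key = _PRIVATE_KEYS.get(cert.issuer)
    if key is None:
        return False
    expected = hmac.new(key, _to_be_signed(cert.subject, cert.issuer, cert.ca, cert.path_len), hashlib.sha256).digest()
    return hmac.compare_digest(expected, cert.signature)


def _build_path(leaf: Cert, extra: List[Cert], trusted: Dict[str, Cert]) -> Optional[List[Cert]]:
    """Follow issuer names from the leaf up to a trust anchor; None if no path."""
    by_subject = {c.subject: c for c in extra}
    chain, seen = [leaf], {leaf.subject}
    while chain[-1].subject not in trusted:
        issuer = chain[-1].issuer
        parent = by_subject.get(issuer) or trusted.get(issuer)
        if parent is None or parent.subject in seen:
            return None
        chain.append(parent)
        seen.add(parent.subject)
    chain[-1] = trusted[chain[-1].subject]  # always use the anchor's own copy
    return chain


def chain_valid_ignoring_basic_constraints(leaf: Cert, extra: List[Cert], trusted: Dict[str, Cert]) -> bool:
    """The flawed policy: every signature verifies and the names chain to a root."""
    chain = _build_path(leaf, extra, trusted)
    return chain is not None and all(signature_valid(c) for c in chain)


def chain_valid(leaf: Cert, extra: List[Cert], trusted: Dict[str, Cert]) -> bool:
    """Also require each signer to be a CA and honour its pathLenConstraint."""
    chain = _build_path(leaf, extra, trusted)
    if chain is None or not all(signature_valid(c) for c in chain):
        return False
    for i in range(1, len(chain)):          # chain[i] signed chain[i-1]
        signer = chain[i]
        if not signer.ca:
            return False                    # a leaf may not act as an issuer
        intermediates_below = i - 1         # CA certs between signer and leaf
        if signer.path_len is not None and intermediates_below > signer.path_len:
            return False
    return True


# Constructed scenario: a root that permits no intermediates below it, a plain
# server certificate, and a certificate forged with that server's key.
ROOT = issue("Root CA", "Root CA", ca=True, path_len=0)
TRUSTED = {ROOT.subject: ROOT}
EXAMPLE = issue("Root CA", "www.example.com")                # cA absent
FORGED_BANK = issue("www.example.com", "www.bank.example")   # signed by the server's key
SUB_CA = issue("Root CA", "Sub CA", ca=True)
DEEP_LEAF = issue("Sub CA", "www.deep.example")
```

`chain_valid_ignoring_basic_constraints(FORGED_BANK, [EXAMPLE], TRUSTED)` returns True because every signature checks out; `chain_valid` returns False for the same input, and also rejects `DEEP_LEAF` because the root's pathLenConstraint of 0 forbids an intermediate beneath it.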
CVE-2002-0725 | 5.5 - Medium | September 05, 2002
NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.
Weakness: Insecure Temporary File
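The CVE-2002-0725 entry comes down to an audit trail keyed on the name the caller opened rather than on the object behind it. The following is an added example, not part of the advisory: it creates a file and a hard link to it in a temporary directory (the names payroll.xls and tmp.bak are constructed), and shows that a path-keyed record names the alias while an identity-keyed record (device plus inode, the POSIX counterpart of an NTFS file ID) still matches the watched file. It runs on a POSIX filesystem.

```python
import os
import tempfile
from typing import Dict, Tuple

FileId = Tuple[int, int]


def file_identity(path: str) -> FileId:
    """Device and inode identify the object behind a name; every hard link
    to the same file yields the same pair."""
    st = os.stat(path)
    return (st.st_dev, st.st_ino)


def audit_event(path_used: str) -> Dict[str, object]:
    """What a careful auditor records for an access: the name the caller used,
    the identity it resolved to, and the link count as a hint that other names
    for the same object exist."""
    st = os.stat(path_used)
    return {"name": os.path.basename(path_used),
            "identity": (st.st_dev, st.st_ino),
            "links": st.st_nlink}


def event_touches(event: Dict[str, object], watched: FileId) -> bool:
    """Identity-keyed match: true even when the access came through an alias."""
    return event["identity"] == watched


def demo() -> Tuple[Dict[str, object], Dict[str, object], FileId]:
    """Constructed scenario: an audited file and an attacker's hard link to it."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "payroll.xls")
        with open(target, "w") as f:
            f.write("constructed sample data\n")
        alias = os.path.join(d, "tmp.bak")
        os.link(target, alias)                 # second name, same object
        watched = file_identity(target)
        return audit_event(target), audit_event(alias), watched
```

In the returned records the `name` fields differ (the path-keyed view the advisory describes), the `identity` fields are equal, and `links` is 2 for both, which is the cue an auditor can use to look for aliases.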
CVE-2002-0391 | 9.8 - Critical | August 12, 2002
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
Weakness: Integer Overflow or Wraparound

CVE-2002-0367 | 7.8 - High | June 25, 2002
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.

CVE-2001-1452 | 7.5 - High | August 31, 2001
By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses.
Weakness: Origin Validation Error

CVE-2001-0006 | 7.1 - High | February 12, 2001
The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability.
Weakness: Incorrect Permission Assignment for Critical Resource
CVE-1999-0585 | July 01, 2000
A Windows NT administrator account has the default name of Administrator.

CVE-1999-0590 | June 01, 2000
A system does not present an appropriate legal message or warning to a user who is accessing it.

CVE-2000-1218 | 9.8 - Critical | April 14, 2000
The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
Weakness: Origin Validation Error
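The CVE-2000-1218 entry (QueryIpMatching off: responses accepted from hosts the resolver never queried) and the CVE-2001-1452 entry above (glue records cached from non-delegated servers) are two missing checks in the same place: what a resolver verifies before it caches anything from a response. The following is an added example serving both entries; it is not Windows code and not from either advisory. A pending query and a response are modelled as records with the fields the checks need, each check can be switched off to reproduce the old default, and all names, addresses and records are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

RR = Tuple[str, str, str]  # (owner name, type, rdata)


def _norm(name: str) -> str:
    """Canonical form: lower case, single trailing dot."""
    return name.lower().rstrip(".") + "."


@dataclass(frozen=True)
class PendingQuery:
    txid: int
    qname: str
    server_ip: str   # the server the resolver actually sent the query to
    bailiwick: str   # the zone that server was delegated for, e.g. "example.com."


@dataclass
class Response:
    txid: int
    qname: str
    from_ip: str
    answers: List[RR] = field(default_factory=list)
    additional: List[RR] = field(default_factory=list)  # glue


def in_bailiwick(owner: str, zone: str) -> bool:
    """True when `owner` is `zone` or lies beneath it (label boundary respected)."""
    owner, zone = _norm(owner), _norm(zone)
    return owner == zone or owner.endswith("." + zone)


def accept_response(pending: PendingQuery, resp: Response, cache: Dict[Tuple[str, str], str],
                    query_ip_matching: bool = True, bailiwick_check: bool = True) -> bool:
    """Apply the acceptance checks; records that pass are written into `cache`.
    Returns True if the response was accepted at all."""
    if resp.txid != pending.txid or _norm(resp.qname) != _norm(pending.qname):
        return False
    if query_ip_matching and resp.from_ip != pending.server_ip:
        return False  # with QueryIpMatching=0 this check did not exist
    for owner, rtype, rdata in resp.answers + resp.additional:
        if bailiwick_check and not in_bailiwick(owner, pending.bailiwick):
            continue  # out-of-bailiwick glue is discarded, not cached
        cache[(_norm(owner), rtype)] = rdata
    return True


# Constructed scenarios (RFC 5737 documentation addresses).
def spoofed_answer(query_ip_matching: bool) -> Dict[Tuple[str, str], str]:
    """A forged reply with the right transaction ID arrives from an address
    the resolver never queried."""
    pending = PendingQuery(txid=0x1A2B, qname="www.example.com",
                           server_ip="192.0.2.53", bailiwick="example.com.")
    forged = Response(txid=0x1A2B, qname="www.example.com", from_ip="203.0.113.9",
                      answers=[("www.example.com", "A", "203.0.113.9")])
    cache: Dict[Tuple[str, str], str] = {}
    accept_response(pending, forged, cache, query_ip_matching=query_ip_matching)
    return cache


def out_of_bailiwick_glue(bailiwick_check: bool) -> Dict[Tuple[str, str], str]:
    """The genuine example.com server answers, but pads the additional section
    with an address record for a name it is not authoritative for."""
    pending = PendingQuery(txid=7, qname="www.example.com",
                           server_ip="192.0.2.53", bailiwick="example.com.")
    resp = Response(txid=7, qname="www.example.com", from_ip="192.0.2.53",
                    answers=[("www.example.com", "A", "192.0.2.10")],
                    additional=[("ns1.example.com", "A", "192.0.2.53"),
                                ("www.bank.example", "A", "203.0.113.9")])
    cache: Dict[Tuple[str, str], str] = {}
    accept_response(pending, resp, cache, bailiwick_check=bailiwick_check)
    return cache
```

With `query_ip_matching=False` the forged answer lands in the cache; with the check on it is dropped. With `bailiwick_check=False` the www.bank.example glue is cached on the strength of a response about example.com, which is the CVE-2001-1452 behaviour; with the check on only the in-zone records survive. Transaction-ID and source-port entropy are what make the first check hard to bypass in practice, but that is a separate matter from the two defaults these entries describe.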
CVE-2000-0129 | February 04, 2000
Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP server allows attackers to cause a denial of service by performing a LIST command on a malformed .lnk file.

CVE-1999-0595 | January 20, 2000
A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded.

CVE-1999-1127 | 7.5 - High | December 31, 1999
Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability.
Weakness: Missing Release of Resource after Effective Lifetime

CVE-1999-0224 | July 23, 1999
Denial of service in Windows NT messenger service through a long username.

CVE-1999-0140 | June 30, 1999
Denial of service in RAS/PPTP on NT systems.

CVE-1999-0444 | April 12, 1999
Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files.

CVE-1999-0119 | January 19, 1999
Windows NT 4.0 beta allows users to read and delete shares.

CVE-1999-0391 | January 05, 1999
The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.
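The CVE-1999-0391 entry is a replay problem: if the server hands out the same challenge again, a response captured once answers every later challenge. The following is an added example, not from the advisory and not SMB code: a toy server that either reuses a fixed challenge or draws a fresh one per session, with both sides of the exchange written out. The response function (an HMAC over the challenge keyed with the password hash) stands in for the LM/NTLM response and is an assumption of the example, as are the user name and password.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Set, Tuple


def password_hash(password: str) -> bytes:
    """Stand-in for the stored NT hash (constructed; not the real algorithm)."""
    return hashlib.sha256(password.encode()).digest()


def compute_response(pw_hash: bytes, challenge: bytes) -> bytes:
    """Client side: prove knowledge of the hash for this challenge."""
    return hmac.new(pw_hash, challenge, hashlib.sha256).digest()


class SmbServer:
    def __init__(self, users: Dict[str, bytes], fixed_challenge: Optional[bytes] = None):
        self.users = users
        self.fixed = fixed_challenge            # set to reproduce the flawed behaviour
        self.outstanding: Set[bytes] = set()    # challenges handed out, not yet answered

    def negotiate(self) -> bytes:
        """Server side, step 1: hand the client the challenge it must answer."""
        c = self.fixed if self.fixed is not None else os.urandom(8)
        self.outstanding.add(c)
        return c

    def session_setup(self, user: str, challenge: bytes, response: bytes) -> bool:
        """Server side, step 2: accept the response only for a challenge this
        server issued and has not yet seen answered."""
        if challenge not in self.outstanding:
            return False
        self.outstanding.discard(challenge)
        expected = compute_response(self.users.get(user, b""), challenge)
        return hmac.compare_digest(expected, response)


def replay_attack(server: SmbServer) -> Tuple[bool, bool]:
    """The legitimate user authenticates while an eavesdropper records the
    (challenge, response) pair; the eavesdropper then opens a session of their
    own and replays the recorded response. Returns (victim_ok, attacker_ok)."""
    victim_hash = server.users["alice"]
    c1 = server.negotiate()
    captured = (c1, compute_response(victim_hash, c1))
    victim_ok = server.session_setup("alice", *captured)
    c2 = server.negotiate()                                   # attacker's own session
    attacker_ok = server.session_setup("alice", c2, captured[1])
    return victim_ok, attacker_ok


# Constructed credential store.
USERS = {"alice": password_hash("correct horse battery staple")}
```

`replay_attack(SmbServer(dict(USERS), fixed_challenge=bytes(8)))` returns `(True, True)`: the attacker's challenge is the one the victim already answered, so the recorded response is accepted. With `SmbServer(dict(USERS))` the second challenge is fresh and the replay fails, `(True, False)`; the `outstanding` set additionally stops the attacker from re-submitting the victim's original challenge.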
CVE-1999-0226 | January 01, 1999
Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service.
Weakness: Data Processing Errors

CVE-1999-0285 | January 01, 1999
Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection.

CVE-1999-0549 | January 01, 1999
Windows NT automatically logs in an administrator upon rebooting.

CVE-1999-0560 | January 01, 1999
A system-critical Windows NT file or directory has inappropriate permissions.

CVE-1999-0570 | January 01, 1999
Windows NT is not using a password filter utility, e.g. PASSFILT.DLL.

CVE-1999-0577 | January 01, 1999
A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories.

CVE-1999-0578 | January 01, 1999
A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys.

CVE-1999-0579 | January 01, 1999
A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys.

CVE-1999-0581 | January 01, 1999
The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions.

CVE-1999-0546 | October 01, 1998
The Windows NT guest account is enabled.

CVE-1999-0505 | October 01, 1998
A Windows NT domain user or administrator account has a guessable password.

CVE-1999-0506 | October 01, 1998
A Windows NT domain user or administrator account has a default, null, blank, or missing password.

CVE-1999-0258 | February 13, 1998
Bonk variation of teardrop IP fragmentation denial of service.
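The CVE-1999-0226 and CVE-1999-0258 entries above are both fragment-reassembly failures: teardrop and its bonk variant send fragments whose offsets overlap in ways the reassembly code did not expect. The following is an added example serving both entries; it is not from either advisory and not NT code. Fragments are (byte offset, more-fragments flag, payload) triples, which is the information the IP header actually carries (the header stores the offset in 8-byte units). It shows the trim arithmetic that goes negative on teardrop's input beside a reassembler that refuses overlap, gaps, oversize datagrams and inconsistent flags. The fragment sizes are constructed.

```python
from typing import List, Tuple

Fragment = Tuple[int, bool, bytes]   # (byte offset, more fragments, payload)
MAX_DATAGRAM = 65535


def overlap_copy_length(first: Fragment, second: Fragment) -> int:
    """The length a naive reassembler copies for `second` after trimming the
    bytes that overlap `first`. A second fragment that ends inside the first
    drives this negative; in C the value became a huge unsigned length."""
    off1, _, p1 = first
    off2, _, p2 = second
    end1 = off1 + len(p1)
    trim = end1 - off2 if off2 < end1 else 0
    return len(p2) - trim


def reassemble(fragments: List[Fragment]) -> bytes:
    """Hardened reassembly: fragments must tile the datagram exactly, with no
    overlap, no gap, exactly one final fragment, and a bounded total length."""
    if not fragments:
        raise ValueError("no fragments")
    ordered = sorted(fragments, key=lambda f: f[0])
    buf = bytearray()
    for i, (offset, more, payload) in enumerate(ordered):
        if offset < len(buf):
            raise ValueError(f"overlap at offset {offset}")
        if offset > len(buf):
            raise ValueError(f"gap before offset {offset}")
        if not payload:
            raise ValueError("empty fragment")
        if offset + len(payload) > MAX_DATAGRAM:
            raise ValueError("datagram exceeds 65535 bytes")
        last = i == len(ordered) - 1
        if more == last:   # last fragment must clear MF; earlier ones must set it
            raise ValueError("more-fragments flag inconsistent with position")
        buf += payload
    return bytes(buf)


def reassemble_status(fragments: List[Fragment]) -> str:
    """'ok' or the reason the fragment set was rejected."""
    try:
        reassemble(fragments)
        return "ok"
    except ValueError as e:
        return str(e)


# Constructed fragment sets.
TEARDROP: List[Fragment] = [(0, True, bytes(36)), (24, False, bytes(4))]   # ends at 28, inside the first
WELL_FORMED: List[Fragment] = [(0, True, bytes(16)), (16, True, bytes(16)), (32, False, bytes(8))]
```

`overlap_copy_length(*TEARDROP)` is -8, the sign error at the heart of the bug; `reassemble_status(TEARDROP)` reports the overlap instead of attempting the copy, and `reassemble(WELL_FORMED)` returns the 40-byte datagram.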
CVE-1999-0074 | July 01, 1997
Listening TCP ports are sequentially allocated, allowing spoofing attacks.

CVE-1999-0275 | June 10, 1997
Denial of service in Windows NT DNS servers by flooding port 53 with too many characters.

CVE-1999-0292 | April 01, 1997
Denial of service through Winpopup using large user names.

CVE-1999-0612 | March 01, 1997
A version of finger is running that exposes valid user information to any entity on the network.

CVE-1999-0504 | January 01, 1997
A Windows NT local user or administrator account has a default, null, blank, or missing password.

CVE-1999-0249 | January 01, 1997
Windows NT RSHSVC program allows remote users to execute arbitrary commands.

CVE-1999-0274 | January 01, 1997
Denial of service in Windows NT DNS servers through malicious packet which contains a response to a query that wasn't made.

CVE-1999-0499 | January 01, 1997
NETBIOS share information may be published through SNMP registry keys in NT.

CVE-1999-0503 | January 01, 1997
A Windows NT local user or administrator account has a guessable password.

CVE-1999-0534 | January 01, 1997
A Windows NT user has inappropriate rights or privileges, e.g. Act as System, Add Workstation, Backup, Change System Time, Create Pagefile, Create Permanent Object, Create Token Name, Debug, Generate Security Audit, Increase Priority, Increase Quota, Load Driver, Lock Memory, Profile Single Process, Remote Shutdown, Replace Process Token, Restore, System Environment, Take Ownership, or Unsolicited Input.
CVE-1999-0511 | January 01, 1997
IP forwarding is enabled on a machine which is not a router or firewall.

CVE-1999-0519 | January 01, 1997
A NETBIOS/SMB share password is the default, null, or missing.

CVE-1999-0582 | January 01, 1997
A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc.

CVE-1999-0576 | January 01, 1997
A Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories.

CVE-1999-0575 | January 01, 1997
A Windows NT system's user audit policy does not log an event success or failure, e.g. for Logon and Logoff, File and Object Access, Use of User Rights, User and Group Management, Security Policy Changes, Restart, Shutdown, and System, and Process Tracking.

CVE-1999-0572 | January 01, 1997
.reg files are associated with the Windows NT registry editor (regedit), making the registry susceptible to Trojan Horse attacks.

CVE-1999-0535 | January 01, 1997
A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness.
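Several of the entries above are configuration findings rather than bugs: the guest account enabled (CVE-1999-0546), the built-in administrator left named Administrator (CVE-1999-0585), weak lockout settings (CVE-1999-0582), a user audit policy that logs nothing (CVE-1999-0575), dangerous user rights granted too widely (CVE-1999-0534) and weak password policy (CVE-1999-0535). On a Windows host all of these live in the local security policy, which `secedit /export /cfg policy.inf` writes out as an INI-style file with [System Access], [Event Audit] and [Privilege Rights] sections. The following is an added example serving all of those entries; it is not from any advisory and not Microsoft tooling. It parses that export format and emits one finding per weak setting. The thresholds (8-character minimum, 1-90 day maximum age, 12-password history, 15-minute lockout), the required audit outcomes and the administrator-only rights list are the example's own baseline, and both policy texts are constructed.

```python
from typing import Dict, List

ADMINISTRATORS = "*S-1-5-32-544"  # built-in Administrators group SID
ADMIN_ONLY_RIGHTS = {             # example's own baseline, not a Microsoft list
    "SeTcbPrivilege": "Act as part of the operating system",
    "SeDebugPrivilege": "Debug programs",
}
# secedit audit values are bit flags: 1 = success, 2 = failure, 3 = both.
REQUIRED_AUDIT = {"AuditLogonEvents": 3, "AuditAccountManage": 3, "AuditPolicyChange": 3,
                  "AuditSystemEvents": 3, "AuditPrivilegeUse": 2, "AuditObjectAccess": 2}


def parse_inf(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal parser for the [Section] / key = value layout secedit emits."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            sections[current][key.strip()] = value.strip().strip('"')
    return sections


def _int(section: Dict[str, str], key: str, default: int = 0) -> int:
    value = section.get(key, str(default))
    return int(value) if value.lstrip("-").isdigit() else default


def check_policy(inf_text: str) -> List[str]:
    """One finding per weak setting; an empty list means the baseline is met."""
    pol = parse_inf(inf_text)
    access, audit, rights = (pol.get(s, {}) for s in ("System Access", "Event Audit", "Privilege Rights"))
    findings: List[str] = []
    if _int(access, "EnableGuestAccount") == 1:
        findings.append("guest account is enabled")
    if access.get("NewAdministratorName", "Administrator") == "Administrator":
        findings.append("built-in administrator account still named Administrator")
    if _int(access, "MinimumPasswordLength") < 8:
        findings.append("minimum password length below 8")
    if not 1 <= _int(access, "MaximumPasswordAge") <= 90:  # -1 means never expires
        findings.append("maximum password age not within 1-90 days")
    if _int(access, "PasswordHistorySize") < 12:
        findings.append("password history shorter than 12")
    if _int(access, "LockoutBadCount") == 0:
        findings.append("no lockout after bad logon attempts")
    elif 0 <= _int(access, "LockoutDuration", -1) < 15:  # -1 = until an admin unlocks
        findings.append("lockout duration shorter than 15 minutes")
    for key, needed in REQUIRED_AUDIT.items():
        if (_int(audit, key) & needed) != needed:
            findings.append(f"{key} does not audit the required outcomes")
    for priv, label in ADMIN_ONLY_RIGHTS.items():
        holders = [h.strip() for h in rights.get(priv, "").split(",") if h.strip()]
        extra = [h for h in holders if h != ADMINISTRATORS]
        if extra:
            findings.append(f"{label} ({priv}) granted to {', '.join(extra)}")
    return findings


# Constructed policy exports, not taken from any real host.
WEAK_POLICY = """
[System Access]
MaximumPasswordAge = -1
MinimumPasswordLength = 0
PasswordHistorySize = 0
LockoutBadCount = 0
NewAdministratorName = "Administrator"
EnableGuestAccount = 1
[Event Audit]
AuditSystemEvents = 0
AuditLogonEvents = 1
AuditObjectAccess = 0
AuditPrivilegeUse = 0
AuditPolicyChange = 0
AuditAccountManage = 0
[Privilege Rights]
SeDebugPrivilege = *S-1-5-32-544,*S-1-5-32-545
"""
HARDENED_POLICY = """
[System Access]
MaximumPasswordAge = 60
MinimumPasswordLength = 12
PasswordHistorySize = 24
LockoutBadCount = 5
LockoutDuration = 30
NewAdministratorName = "svc-localadm"
EnableGuestAccount = 0
[Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 3
AuditObjectAccess = 2
AuditPrivilegeUse = 2
AuditPolicyChange = 3
AuditAccountManage = 3
[Privilege Rights]
SeDebugPrivilege = *S-1-5-32-544
"""
```

`check_policy(WEAK_POLICY)` returns thirteen findings (the six account and lockout settings, six audit categories, and Debug programs granted to the Users group S-1-5-32-545); `check_policy(HARDENED_POLICY)` returns an empty list. A real export is UTF-16 with a [Unicode] header and many more keys, which the parser simply skips.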