COMMAND

    lsass.exe

SYSTEMS AFFECTED

    Win NT

PROBLEM

    Mihnea Mironescu found  following.  If  you install and  ran NAI's
    CyberCop Scanner  on NT  4.0 SP5  machines (all  postSP5 hotfixes,
    including  LSA3-fix)  you  will  see  following.  The scanner will
    crash the lsass.exe process on all servers and workstations.

    This particular anonymous MSRPC  DoS has still not  been addressed
    by microsoft, yet, in NT 4.0.  Internet Security Systems  reported
    this  specific  issue  to  microsoft,  around  february 1999.  The
    problem is  due to  marshalling /  unmarshalling MSRPC  code being
    unable to cope with a NULL policy handle.  The fix for the problem
    that is reported  by NAI's Cybercop  Scanner (to install  lsa2fix)
    does  _not_  fix  the  problem.   neither  does  SP3,  SP4, SP5 or
    LSA3-fix.

SOLUTION

    SP6 fixed this.