Handle Leak in WinLogon After Applying Windows NT 4.0 Service Pack 6 (259042)


The information in this article applies to:

  • Microsoft Windows NT Server 4.0 SP6
  • Microsoft Windows NT Server 4.0 SP6a
  • Microsoft Windows NT Workstation 4.0 SP6
  • Microsoft Windows NT Workstation 4.0 SP6a
This article was previously published under Q259042

SYMPTOMS

After you install Windows NT 4.0 Service Pack 6 and if the RegConnectRegistry() API is being used heavily, the Winlogon process may exhibit a Handle Leak.

CAUSE

This issue occurs because Windows NT 4.0 Service Pack 6 introduced a problem in the termination code for WinLogon, which prevents orphaned handles from closing.

RESOLUTION

To resolve this problem, obtain the Windows NT 4.0 Security Rollup Package. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

299444 Post-Windows NT 4.0 Service Pack 6a Security Rollup Package (SRP)

The English-language version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel. 
   Date      Time                 Size    File name     Platform
   -------------------------------------------------------------
   03-Apr-2000  15:46  4.0.1381.7046  135,440  services.exe  i386
   03-Apr-2000  15:46  4.0.1381.7046  192,272  winlogon.exe  i386
   03-Apr-2000  15:45  4.0.1381.7046  249,104  services.exe  Alpha
   03-Apr-2000  15:45  4.0.1381.7046  275,216  winlogon.exe  Alpha

STATUS

Microsoft has confirmed that this problem may cause a degree of security vulnerability in Windows NT 4.0.
Modification Type:MinorLast Reviewed:9/26/2005
Keywords:kbHotfixServer kbQFE kbbug kbfix kbQFE KB259042
©2004 Microsoft Corporation. All rights reserved.