Skip to main content

CVE-1999-0721: Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request.

High
VulnerabilityCVE-1999-0721cve-1999-0721denial of servicecwe-20
Published: Tue Jul 20 1999 (07/20/1999, 04:00:00 UTC)
Source: NVD
Vendor/Project: microsoft
Product: windows_2000

Description

Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request.

AI-Powered Analysis

AILast updated: 06/27/2025, 19:39:51 UTC

Technical Analysis

CVE-1999-0721 is a high-severity vulnerability affecting the Windows NT Local Security Authority (LSA) component, specifically in Windows 2000 version 4.0. The vulnerability arises from the LSA's improper handling of malformed requests, which can lead to a denial of service (DoS) condition. The LSA is a critical system process responsible for enforcing security policies, managing user authentication, and handling security tokens. By sending a specially crafted malformed LSA request over the network, an unauthenticated attacker can cause the LSA service to crash or become unresponsive, effectively disrupting the security subsystem of the affected system. This results in a loss of availability, potentially forcing a system reboot or causing a system hang, which can interrupt normal operations and affect dependent services. The vulnerability has a CVSS v2 base score of 7.8, indicating a high severity level. The attack vector is network-based (AV:N), requires no authentication (Au:N), and has low attack complexity (AC:L). The impact is limited to availability (A:C), with no direct confidentiality or integrity impact. Microsoft released a patch (MS99-020) to address this issue, which is critical to apply to mitigate the risk. There are no known exploits in the wild, but the ease of exploitation and the critical nature of the LSA service make this a significant threat if left unpatched.

Potential Impact

For European organizations, the impact of this vulnerability can be substantial, especially for those still operating legacy Windows 2000 systems in critical environments. A successful DoS attack on the LSA can disrupt authentication services, potentially locking users out of systems or causing system instability. This can affect business continuity, particularly in sectors relying on legacy infrastructure such as manufacturing, utilities, or government agencies. Although the vulnerability does not directly compromise data confidentiality or integrity, the loss of availability can lead to operational downtime, increased support costs, and potential regulatory compliance issues if critical services are interrupted. Additionally, organizations with interconnected networks may experience cascading effects if authentication services fail, impacting multiple systems and users across the enterprise.

Mitigation Recommendations

Organizations should prioritize applying the official Microsoft patch MS99-020 to all affected Windows 2000 systems to remediate this vulnerability. Given the age of the affected product, organizations should also plan to upgrade or migrate away from Windows 2000 to supported operating systems to reduce exposure to legacy vulnerabilities. Network-level mitigations include restricting access to LSA-related services and ports through firewalls and network segmentation, limiting exposure to untrusted networks. Implementing intrusion detection and prevention systems (IDS/IPS) to monitor for malformed LSA requests can help detect and block exploitation attempts. Regularly auditing and monitoring system stability and logs for signs of LSA crashes or unusual authentication failures can provide early warning of attempted attacks. Finally, maintaining an up-to-date asset inventory to identify legacy systems is critical for effective vulnerability management.

Need more detailed analysis?Get Pro

Threat ID: 682ca32cb6fd31d6ed7df0fa

Added to database: 5/20/2025, 3:43:40 PM

Last enriched: 6/27/2025, 7:39:51 PM

Last updated: 8/11/2025, 3:15:01 PM

Views: 12

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats