CVE-1999-1157 is a vulnerability found in the Tcpip.sys driver component of Microsoft Windows NT 4.0 versions prior to Service Pack 4. This vulnerability allows remote attackers to cause a denial of service (DoS) condition by sending a specially crafted ICMP Subnet Mask Address Request packet. The issue arises when multiple IP addresses are bound to the same network interface, which is a supported configuration in Windows NT 4.0. When the vulnerable system processes the malformed ICMP packet under these conditions, it can cause the TCP/IP stack to malfunction, leading to a system crash or network service disruption. The vulnerability does not affect confidentiality or integrity but impacts availability by causing the affected system to become unresponsive or reboot. Exploitation requires no authentication and can be performed remotely over the network, making it relatively easy to trigger. However, this vulnerability is specific to an outdated operating system version that is no longer supported or widely used. No patches are available for this vulnerability, and there are no known exploits actively observed in the wild. The CVSS v2 base score is 5.0, indicating a medium severity level, with the vector AV:N/AC:L/Au:N/C:N/I:N/A:P, meaning network attack vector, low attack complexity, no authentication required, no impact on confidentiality or integrity, but partial impact on availability.

For European organizations, the direct impact of this vulnerability today is minimal due to the obsolescence of Windows NT 4.0 and the lack of active exploitation. However, if legacy systems running Windows NT 4.0 are still in operation within critical infrastructure or industrial control environments, this vulnerability could be exploited to cause denial of service, disrupting network availability and potentially impacting business continuity. The DoS condition could lead to downtime of affected systems, loss of network connectivity, and interruption of services relying on these legacy systems. Given that no patch is available, organizations relying on such legacy systems face a risk that can only be mitigated by system upgrades or network-level protections. The vulnerability does not expose data confidentiality or integrity, so the risk is limited to availability disruption. Modern European enterprises are unlikely to be affected, but organizations with legacy Windows NT 4.0 deployments in sectors such as manufacturing, utilities, or transportation should be aware of this risk.

Since no patch is available for this vulnerability, the primary mitigation strategy is to upgrade affected systems to a supported and secure operating system version that does not exhibit this vulnerability. For organizations that must continue using Windows NT 4.0 due to legacy constraints, network-level mitigations should be implemented. These include configuring firewalls and intrusion prevention systems to block or rate-limit ICMP Subnet Mask Address Request packets from untrusted sources, especially from external networks. Network segmentation can isolate legacy systems to reduce exposure. Monitoring network traffic for unusual ICMP activity can help detect attempted exploitation. Additionally, disabling unnecessary network interfaces or IP bindings that involve multiple IP addresses on the same interface may reduce the attack surface. Regular network security assessments should include checks for legacy systems vulnerable to such DoS attacks.