This patch eliminates several security vulnerabilities that could allow a range of effects, from denial of service attacks to, in some cases, privilege elevation. Several vulnerabilities have been identified in the Windows NT 4.0 and Windows 2000 implementations of LPC and LPC ports:
The Invalid LPC Request vulnerability, which affects only Windows NT 4.0. By levying an invalid LPC request, it would be possible to make the affected system fail.
The LPC Memory Exhaustion vulnerability, which affects both Windows NT 4.0 and Windows 2000. By levying spurious LPC requests, it could be possible to increase the number of queued LPC messages to the point where kernel memory was depleted.
The Predictable LPC Message Identifier vulnerability, which affects both Windows NT 4.0 and Windows 2000. Any process that knows the identifier of an LPC message can access it; however, the identifiers can be predicted. In the simplest case, a malicious user could access other process LPC ports and feed them random data as a denial of service attack. In the worst case, it could be possible, under certain conditions, to send bogus requests to a privileged process in order to gain additional local privileges.
A new variant of the previously-reported Spoofed LPC Port Request vulnerability. This vulnerability affects Windows NT 4.0 and Windows 2000, and could, under a very restricted set of conditions, allow a malicious user to create a process that would run under the security context of an already-running process, potentially including System processes.
Because LPC can only be used on the local machine, none of these vulnerabilities could be exploited remotely. Instead, a malicious user could only exploit them on machines that he/she could log onto interactively. Typically, workstations and terminal servers would be chiefly at risk, because, if normal security practices have been followed, normal users will not be allowed to log onto critical servers interactively. This also means that, even in the worst case, the vulnerability would only confer additional local-'not domain-'privileges on the malicious user.
Visit the LPC Vulnerability FAQ for more information.