The attacker would require interactive logon access to the affected machine. This significantly limits the scope of the vulnerability because, if normal security recommendations have been followed, unprivileged users will not be granted interactive logon rights to critical machines like servers. Unprivileged users typically are granted interactive logon rights to workstations and terminal servers. However, a workstation would not be a tempting target for an attacker, because he could only use this vulnerability to deny service to himself. The machines most likely to be affected would be terminal servers.