Windows NT 4.0 SP4 could allow null passwords to be used for access

Risk Level: High

Check or Attack Name: NTSP4AuthError

Platforms: Windows NT: 4.0 SP4

Description:

A vulnerability was introduced in Windows NT 4.0 SP4 (Service Pack 4) that could allow some users to access resources by supplying a null password. The problem occurs when clients other than Windows NT/95/98 change their passwords, which causes certain fields in the SAM (Service Account Manager) to be left null. The next time the account is accessed from an NT machine, no password will be required for authentication. This vulnerability affects only sites that have deployed machines with DOS, Windows 3.1, Windows for Workgroups, OS/2 or Macintosh clients.

Remedy:

Obtain and apply the Msv1-fix hotfix from Microsoft.

References:

Microsoft Security Bulletin MS99-004, Authentication Processing Error in Windows NT 4.0 SP4, http://www.microsoft.com/security/bulletins/ms99-004.asp

Microsoft Knowledge Base Article Q214840, MSV1_0 Allows Network Connections for Specific Accounts, http://support.microsoft.com/support/kb/articles/q214/8/40.asp

