Access Violation in LSASS.EXE Due to Incorrect Buffer Size

• Microsoft Windows NT Workstation version 4.0 Service Pack 3
• Microsoft Windows NT Server version 4.0 Service Pack 3

SYMPTOMS

While running Windows NT, you may receive an Access Violation error message in Lsass.exe. After this error occurs, you cannot logon locally and the administrative tools that rely on LSA/LSARPC (such as Event Viewer and Server Manager) do not function.

CAUSE

The failure occurs when a remote client connects to the Local Security Authority over a named pipe and passes an incorrect buffer size (fragment length).

RESOLUTION

Microsoft has updated Lsasrv.dll to correct this problem and posted the updated version to the following Internet location:

NOTE: Service Pack 3 must be applied to Windows NT 4.0 prior to applying this fix.

   ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/
   hotfixes-postSP3/lsa-fix

STATUS

Microsoft has confirmed this to be a problem in Windows NT version 4.0. A supported fix is now available, but has not been fully regression-tested and should be applied only to systems experiencing this specific problem. Unless you are severely impacted by this specific problem, Microsoft recommends that you wait for the next Service Pack that contains this fix. Contact Microsoft Technical Support for more information.