System Crashes When Unprivileged User Accesses Privileged IOCTL (239931)
The information in this article applies to:
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Server, Enterprise Edition 4.0
This article was previously published under Q239931 SYMPTOMS
When a user without the proper security privileges gains access to an
Input/Output Control (IOCTL) with high security priveleges either by opening the device with trailing characters, using a relative open, or by obtaining the transport handle from the Windows Sockets Support driver (Afd.sys), the computer may stop responding (hang) and you may receive a STOP error message on a blue screen similar to the message listed below:
STOP 0X0000001E: KMODE_EXCEPTION_NOT_HANDLED
CAUSE
This behavior occurs because any access to an IOCTL needs to be available for users without the proper security privileges.
STATUSMicrosoft has confirmed that this is a problem in Windows NT 4.0. MORE INFORMATION
An IOCTL is a custom class of Input/Output Request Packets (IRP) available to User mode. Each Windows Driver Model (WDM) class driver has a set of IOCTLs that it uses to communicate with programs. The IOCTLs give the class driver information about intended usage by programs. The class driver performs all IOCTL parameter validation.
| Modification Type: | Major | Last Reviewed: | 8/10/2001 |
|---|
| Keywords: | kbbug KB239931 |
|---|
|