The NTLM Security Support Provider (NTLMSSP) service in Windows NT 4.0 is responsible for handling NTLM authentication requests, and runs by default on all Windows NT 4.0 systems. A flaw in the service's implementation could allow a service request from an unprivileged process to cause code to run in the context of the NTLMSSP service, which runs with Local System privileges. This could enable attackers to programmatically levy requests that would have the effect of running the codes of their choice with System privileges. Workstations and terminal servers are the machines at greatest risk under most conditions.