Microsoft Kernel Object Manager is prone to a deadlock vulnerability which could be exploitable, making unkillable any desired process running on the affected machine. + Paper/Advisory -Reversing mrxsmb.sys, Chapter II "NtClose DeadLock" - (pdf) + Exploit Code (c source code) Both two can be downloaded at www.reversemode.com This issue seems to be addressed in the recent bulletin MS06-030. Rubén Santamarta, www.reversemode.com