Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle.
http://www.iss.net/security_center/static/7402.php
http://support.microsoft.com/support/kb/articles/q160/6/50.asp