As explained earlier, the Windows TCP/IP stack does not implement privileged ports. More precisely, any process, whatever its privileges, can bind a socket to any port, even when another socket is already bound to that port. It therefore becomes possible to hijack a TCP server.
This kind of vulnerability was first published in February 1998, in the security advisory NT port binding security.
This advisory showed, for example, how any user could hijack the Windows NT 4 SMB server by binding a TCP server to port TCP 139 with a specific IP address in the bind() call. A socket bound to a specific address takes precedence over one bound to the wildcard address (INADDR_ANY) for incoming connections, so the attacker's socket receives the connections intended for the legitimate server.
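As an added example (not code from the original article or from the 1998 advisory), the following Python script reproduces the bind-level part of this trick and shows the effect of the SO_EXCLUSIVEADDRUSE option discussed below. A "victim" listener binds the wildcard address, then a second socket tries to bind the same port on a specific address. The listener uses port 0 so that the stack picks a free port (an assumption made for a self-contained demonstration; the advisory's target was port 139), and the hijack uses the loopback address rather than the machine's external IP.

```python
import socket
import sys

# Added example, not from the original article or the 1998 advisory. It
# reproduces the bind-level part of the hijack: a "victim" listener bound to
# all addresses and a second socket binding the same port on a specific
# address. Port 0 (any free port) and 127.0.0.1 are assumptions made so the
# script runs anywhere; only the relative behaviour of the two bind() calls
# matters.

IS_WINDOWS = sys.platform == "win32"

# The option only exists in the Windows Winsock stack (NT 4.0 SP4 and later);
# on other platforms the socket module does not define it.
SO_EXCLUSIVEADDRUSE = getattr(socket, "SO_EXCLUSIVEADDRUSE", None)


def try_hijack(protect=False, hijack_addr="127.0.0.1"):
    """Return True if a second socket could bind the victim's port.

    protect=True sets SO_EXCLUSIVEADDRUSE on the victim before bind(), the
    protection Microsoft shipped in NT 4.0 SP4. Raises RuntimeError on
    platforms where that option does not exist.
    """
    victim = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        if protect:
            if SO_EXCLUSIVEADDRUSE is None:
                raise RuntimeError("SO_EXCLUSIVEADDRUSE only exists on Windows")
            victim.setsockopt(socket.SOL_SOCKET, SO_EXCLUSIVEADDRUSE, 1)
        # The legitimate server binds the wildcard address. Port 0 asks the
        # stack for any free port (assumption for a self-contained run).
        victim.bind(("0.0.0.0", 0))
        victim.listen(5)
        port = victim.getsockname()[1]

        # The attacker binds the *same* port on a *specific* address. A specific
        # binding takes precedence over the wildcard one for incoming
        # connections, so when this bind() succeeds the attacker's socket gets
        # the victim's clients. On a real target the attacker would use the
        # machine's external IP instead of the loopback address used here.
        attacker = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            attacker.bind((hijack_addr, port))
            attacker.listen(5)
            return True
        except OSError:
            # WSAEADDRINUSE on Windows when SO_EXCLUSIVEADDRUSE protects the
            # victim; EADDRINUSE on Linux/BSD, whose stacks reject the
            # overlapping bind by default.
            return False
        finally:
            attacker.close()
    finally:
        victim.close()


if __name__ == "__main__":
    print("unprotected listener hijacked:", try_hijack(protect=False))
    if IS_WINDOWS:
        print("SO_EXCLUSIVEADDRUSE listener hijacked:", try_hijack(protect=True))
    else:
        print("SO_EXCLUSIVEADDRUSE is not available on", sys.platform)
```

Run it on a Windows host to see the unprotected listener hijacked and the SO_EXCLUSIVEADDRUSE listener refuse the second bind. On Linux or BSD the second bind fails with EADDRINUSE even without any option, which is exactly the behaviour the Windows stack lacked. On Windows Server 2003 and later the unprotected result also depends on the credentials of the two processes (the stack rejects the second bind across different non-administrative users), so the unprotected case is reported rather than assumed.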
Microsoft released Knowledge Base article 194431, mentioning the problem and stating that it was fixed in Windows NT 4.0 Service Pack 4.
In fact, Microsoft introduced in NT 4.0 Service Pack 4 a new socket option, SO_EXCLUSIVEADDRUSE, which an application can set on its own socket to protect itself from this vulnerability. However: