diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index c1e8c754f..b05f96d74 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,8 @@
+2014-08-31  Corinna Vinschen  <corinna@vinschen.de>
+
+	* uinfo.cc (pwdgrp::fetch_account_from_windows): Disallow creating an
+	entry for "NULL SID".
+
 2014-08-31  Corinna Vinschen  <corinna@vinschen.de>
 
 	* sec_acl.cc (setacl): Add comment.  Handle NULL ACE for SUID, SGID,
diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc
index 732dea836..d7211f3bb 100644
--- a/winsup/cygwin/uinfo.cc
+++ b/winsup/cygwin/uinfo.cc
@@ -1795,9 +1795,9 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
 		    + (sid_sub_auth_rid (sid) & 0xffff);
 	    }
 #endif
-	  /* Special case for "Everyone".  We don't want to return Everyone
-	     as user or group.  Ever. */
-	  if (uid == 0x10100)	/* Computed from S-1-1-0. */
+	  /* Special case for "NULL SID", S-1-0-0 and "Everyone", S-1-1-0.
+	     Never return "NULL SID" or Everyone as user or group. */
+	  if (uid == 0x10000 || uid == 0x10100)
 	    return NULL;
 	  break;
 	case SidTypeLabel: