diff --git a/winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c b/winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c
index 96d37384a..45c427868 100644
--- a/winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c
+++ b/winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c
@@ -57,8 +57,8 @@ const char* const AV_PAIR_STRINGS[] =
 void ntlm_av_pair_list_init(NTLM_AV_PAIR* pAvPairList)
 {
 NTLM_AV_PAIR* pAvPair = pAvPairList;
- pAvPair->AvId = MsvAvEOL;
- pAvPair->AvLen = 0;
+ ntlm_av_pair_set_id(pAvPair, MsvAvEOL);
+ ntlm_av_pair_set_len(pAvPair, 0);
 }
 
 ULONG ntlm_av_pair_list_length(NTLM_AV_PAIR* pAvPairList)
@@ -69,7 +69,7 @@ ULONG ntlm_av_pair_list_length(NTLM_AV_PAIR* pAvPairList)
 if (!pAvPair)
 return 0;
 
- while (pAvPair->AvId != MsvAvEOL)
+ while (ntlm_av_pair_get_id(pAvPair) != MsvAvEOL)
 {
 pAvPair = ntlm_av_pair_get_next_pointer(pAvPair);
 }
@@ -87,12 +87,14 @@ void ntlm_print_av_pair_list(NTLM_AV_PAIR* pAvPairList)
 
 WLog_INFO(TAG, "AV_PAIRs =");
 
- while (pAvPair->AvId != MsvAvEOL)
+ while (ntlm_av_pair_get_id(pAvPair) != MsvAvEOL)
 {
 WLog_INFO(TAG, "\t%s AvId: %d AvLen: %d",
- AV_PAIR_STRINGS[pAvPair->AvId],
- pAvPair->AvId, pAvPair->AvLen);
- winpr_HexDump(TAG, WLOG_INFO, ntlm_av_pair_get_value_pointer(pAvPair), pAvPair->AvLen);
+ AV_PAIR_STRINGS[ntlm_av_pair_get_id(pAvPair)],
+ ntlm_av_pair_get_id(pAvPair),
+ ntlm_av_pair_get_len(pAvPair));
+ winpr_HexDump(TAG, WLOG_INFO, ntlm_av_pair_get_value_pointer(pAvPair),
+ ntlm_av_pair_get_len(pAvPair));
 pAvPair = ntlm_av_pair_get_next_pointer(pAvPair);
 }
 }
@@ -110,7 +112,7 @@ PBYTE ntlm_av_pair_get_value_pointer(NTLM_AV_PAIR* pAvPair)
 
 int ntlm_av_pair_get_next_offset(NTLM_AV_PAIR* pAvPair)
 {
- return pAvPair->AvLen + sizeof(NTLM_AV_PAIR);
+ return ntlm_av_pair_get_len(pAvPair) + sizeof(NTLM_AV_PAIR);
 }
 
 NTLM_AV_PAIR* ntlm_av_pair_get_next_pointer(NTLM_AV_PAIR* pAvPair)
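Review bot: The rewritten loop condition `while (ntlm_av_pair_get_id(pAvPair) != MsvAvEOL)` still terminates only on a MsvAvEOL pair and never on the size of the buffer that holds the list, so a list without a terminator, or one whose AvLen points past the end, is read out of bounds; the same walk is rewritten in ntlm_print_av_pair_list (hunk @@ -87) and ntlm_av_pair_get (hunk @@ -127). This is pre-existing, but since the commit touches every walker it is the natural point to thread a byte count through and guard each advance with something like `if (remaining < sizeof(NTLM_AV_PAIR) || ntlm_av_pair_get_len(pAvPair) > remaining - sizeof(NTLM_AV_PAIR)) return 0;`. The list walked by ntlm_av_pair_get in ntlm_message.c is taken from the peer's Authenticate message (hunk @@ -679), so unless it is validated when parsed, which this diff does not show, the terminator is under the peer's control. ntlm_av_pair_list_length begins before the hunk and returns after it.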
@@ -127,10 +129,10 @@ NTLM_AV_PAIR* ntlm_av_pair_get(NTLM_AV_PAIR* pAvPairList, NTLM_AV_ID AvId)
 
 while (1)
 {
- if (pAvPair->AvId == AvId)
+ if (ntlm_av_pair_get_id(pAvPair) == AvId)
 return pAvPair;
 
- if (pAvPair->AvId == MsvAvEOL)
+ if (ntlm_av_pair_get_id(pAvPair) == MsvAvEOL)
 return NULL;
 
 pAvPair = ntlm_av_pair_get_next_pointer(pAvPair);
@@ -148,8 +150,8 @@ NTLM_AV_PAIR* ntlm_av_pair_add(NTLM_AV_PAIR* pAvPairList, NTLM_AV_ID AvId, PBYTE
 return NULL;
 
 assert(Value != NULL);
- pAvPair->AvId = AvId;
- pAvPair->AvLen = AvLen;
+ ntlm_av_pair_set_id(pAvPair, AvId);
+ ntlm_av_pair_set_len(pAvPair, AvLen);
 CopyMemory(ntlm_av_pair_get_value_pointer(pAvPair), Value, AvLen);
 return pAvPair;
 }
@@ -162,10 +164,11 @@ NTLM_AV_PAIR* ntlm_av_pair_add_copy(NTLM_AV_PAIR* pAvPairList, NTLM_AV_PAIR* pAv
 if (!pAvPairCopy)
 return NULL;
 
- pAvPairCopy->AvId = pAvPair->AvId;
- pAvPairCopy->AvLen = pAvPair->AvLen;
+ CopyMemory(&pAvPairCopy->AvId, &pAvPair->AvId, 2);
+ CopyMemory(&pAvPairCopy->AvLen, &pAvPair->AvLen, 2);
 CopyMemory(ntlm_av_pair_get_value_pointer(pAvPairCopy),
- ntlm_av_pair_get_value_pointer(pAvPair), pAvPair->AvLen);
+ ntlm_av_pair_get_value_pointer(pAvPair),
+ ntlm_av_pair_get_len (pAvPair));
 return pAvPairCopy;
 }
 
@@ -288,10 +291,10 @@ void ntlm_compute_single_host_data(NTLM_CONTEXT* context)
 * different or if they are on different hosts, then the information MUST be ignored.
 * Any fields after the MachineID field MUST be ignored on receipt.
 */
- context->SingleHostData.Size = 48;
- context->SingleHostData.Z4 = 0;
- context->SingleHostData.DataPresent = 1;
- context->SingleHostData.CustomData = SECURITY_MANDATORY_MEDIUM_RID;
+ Data_Write_UINT32(&context->SingleHostData.Size, 48);
+ Data_Write_UINT32(&context->SingleHostData.Z4, 0);
+ Data_Write_UINT32(&context->SingleHostData.DataPresent, 1);
+ Data_Write_UINT32(&context->SingleHostData.CustomData, SECURITY_MANDATORY_MEDIUM_RID);
 FillMemory(context->SingleHostData.MachineID, 32, 0xAA);
 }
 
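Review bot: The two `CopyMemory(&pAvPairCopy->AvId, &pAvPair->AvId, 2)` lines in ntlm_av_pair_add_copy hard-code the field width and bypass the accessors this commit introduces at every other site, so a later change to the field type would silently copy the wrong number of bytes; the equivalent with the new helpers is `ntlm_av_pair_set_id(pAvPairCopy, ntlm_av_pair_get_id(pAvPair));` and `ntlm_av_pair_set_len(pAvPairCopy, ntlm_av_pair_get_len(pAvPair));`. If a raw byte copy is preferred, `sizeof pAvPair->AvId` should replace the literal 2. The added `ntlm_av_pair_get_len (pAvPair)` also has a stray space before the parenthesis that no other call site has. ntlm_av_pair_add_copy begins before the hunk.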
@@ -375,31 +378,31 @@ int ntlm_construct_authenticate_target_info(NTLM_CONTEXT* context)
 if (AvNbDomainName)
 {
 AvPairsCount++; /* MsvAvNbDomainName */
- AvPairsValueLength += AvNbDomainName->AvLen;
+ AvPairsValueLength += ntlm_av_pair_get_len(AvNbDomainName);
 }
 
 if (AvNbComputerName)
 {
 AvPairsCount++; /* MsvAvNbComputerName */
- AvPairsValueLength += AvNbComputerName->AvLen;
+ AvPairsValueLength += ntlm_av_pair_get_len(AvNbComputerName);
 }
 
 if (AvDnsDomainName)
 {
 AvPairsCount++; /* MsvAvDnsDomainName */
- AvPairsValueLength += AvDnsDomainName->AvLen;
+ AvPairsValueLength += ntlm_av_pair_get_len(AvDnsDomainName);
 }
 
 if (AvDnsComputerName)
 {
 AvPairsCount++; /* MsvAvDnsComputerName */
- AvPairsValueLength += AvDnsComputerName->AvLen;
+ AvPairsValueLength += ntlm_av_pair_get_len(AvDnsComputerName);
 }
 
 if (AvDnsTreeName)
 {
 AvPairsCount++; /* MsvAvDnsTreeName */
- AvPairsValueLength += AvDnsTreeName->AvLen;
+ AvPairsValueLength += ntlm_av_pair_get_len(AvDnsTreeName);
 }
 
 AvPairsCount++; /* MsvAvTimestamp */
@@ -470,7 +473,8 @@ int ntlm_construct_authenticate_target_info(NTLM_CONTEXT* context)
 
 if (context->UseMIC)
 {
- UINT32 flags = MSV_AV_FLAGS_MESSAGE_INTEGRITY_CHECK;
+ UINT32 flags;
+ Data_Write_UINT32(&flags, MSV_AV_FLAGS_MESSAGE_INTEGRITY_CHECK);
 ntlm_av_pair_add(AuthenticateTargetInfo, MsvAvFlags, (PBYTE) &flags, 4);
 }
 
diff --git a/winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.h b/winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.h
index 4c6b569fa..d62d3d43a 100644
--- a/winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.h
+++ b/winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.h
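Review bot: The five `if (AvX) { AvPairsCount++; AvPairsValueLength += ntlm_av_pair_get_len(AvX); }` blocks are now identical apart from the pointer, which is a style point rather than a defect: a small static helper taking the pair and the two accumulators, or a loop over an array of the five pointers, would remove the repetition and the per-block `/* MsvAv... */` comments with it. The hunk is the middle of ntlm_construct_authenticate_target_info, so the declarations of AvPairsCount and AvPairsValueLength are not visible here; if AvPairsValueLength is narrower than 32 bits it is worth confirming that five UINT16 lengths cannot wrap it.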
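Review bot: The new `UINT32 flags; Data_Write_UINT32(&flags, MSV_AV_FLAGS_MESSAGE_INTEGRITY_CHECK);` is only correct because the four bytes of `flags` are then copied into the pair unchanged by ntlm_av_pair_add (hunk @@ -148), and nothing says so; a comment above the Data_Write_UINT32 line such as `/* write in wire byte order: the bytes of flags are copied into the AV pair as-is */` would explain why a plain initialiser was replaced. After this line `flags` is presumably no longer a host-order integer, which is harmless within the hunk since it is only passed through `(PBYTE) &flags`. The enclosing function begins and ends outside the hunk.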
@@ -35,6 +35,23 @@ NTLM_AV_PAIR* ntlm_av_pair_get(NTLM_AV_PAIR* pAvPairList, NTLM_AV_ID AvId);
 NTLM_AV_PAIR* ntlm_av_pair_add(NTLM_AV_PAIR* pAvPairList, NTLM_AV_ID AvId, PBYTE Value, UINT16 AvLen);
 NTLM_AV_PAIR* ntlm_av_pair_add_copy(NTLM_AV_PAIR* pAvPairList, NTLM_AV_PAIR* pAvPair);
 
+static INLINE UINT16 ntlm_av_pair_get_id(NTLM_AV_PAIR* pAvPair)
+{
+ UINT16 AvId;
+ Data_Read_UINT16(&pAvPair->AvId, AvId);
+ return AvId;
+}
+
+static INLINE UINT16 ntlm_av_pair_get_len(NTLM_AV_PAIR* pAvPair)
+{
+ UINT16 AvLen;
+ Data_Read_UINT16(&pAvPair->AvLen, AvLen);
+ return AvLen;
+}
+
+#define ntlm_av_pair_set_id(pAvPair, id) Data_Write_UINT16(&pAvPair->AvId, id)
+#define ntlm_av_pair_set_len(pAvPair, len) Data_Write_UINT16(&pAvPair->AvLen, len)
+
 int ntlm_construct_challenge_target_info(NTLM_CONTEXT* context);
 int ntlm_construct_authenticate_target_info(NTLM_CONTEXT* context);
 
diff --git a/winpr/libwinpr/sspi/NTLM/ntlm_message.c b/winpr/libwinpr/sspi/NTLM/ntlm_message.c
index c1da55605..61363e8d6 100644
--- a/winpr/libwinpr/sspi/NTLM/ntlm_message.c
+++ b/winpr/libwinpr/sspi/NTLM/ntlm_message.c
@@ -679,7 +679,7 @@ SECURITY_STATUS ntlm_read_AuthenticateMessage(NTLM_CONTEXT* context, PSecBuffer
 AvFlags = ntlm_av_pair_get(context->NTLMv2Response.Challenge.AvPairs, MsvAvFlags);
 
 if (AvFlags)
- flags = *((UINT32*) ntlm_av_pair_get_value_pointer(AvFlags));
+ Data_Read_UINT32(ntlm_av_pair_get_value_pointer(AvFlags), flags);
 }
 
 if (ntlm_read_message_fields_buffer(s, &(message->EncryptedRandomSessionKey)) < 0) /* EncryptedRandomSessionKey */
@@ -952,7 +952,7 @@ SECURITY_STATUS ntlm_server_AuthenticateComplete(NTLM_CONTEXT* context)
 AvFlags = ntlm_av_pair_get(context->NTLMv2Response.Challenge.AvPairs, MsvAvFlags);
 
 if (AvFlags)
- flags = *((UINT32*) ntlm_av_pair_get_value_pointer(AvFlags));
+ Data_Read_UINT32(ntlm_av_pair_get_value_pointer(AvFlags), flags);
 
 if (ntlm_compute_lm_v2_response(context) < 0) /* LmChallengeResponse */
 return SEC_E_INTERNAL_ERROR;
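Review bot: The two new setter macros use their `pAvPair` argument unparenthesised in `&pAvPair->AvId`, so a call with an expression argument such as `ntlm_av_pair_set_id(p + 1, id)` expands to `&p + 1->AvId` and does not compile; write them as `#define ntlm_av_pair_set_id(pAvPair, id) Data_Write_UINT16(&(pAvPair)->AvId, (id))` and `#define ntlm_av_pair_set_len(pAvPair, len) Data_Write_UINT16(&(pAvPair)->AvLen, (len))`, or make them static INLINE functions like the two getters. The getters only read through the pointer and could take `const NTLM_AV_PAIR*`. None of the four accessors is documented; a short comment above them stating that AvId and AvLen are read and written byte-wise (presumably in wire byte order) and that callers must use these helpers rather than touch the fields directly would tell the next maintainer why every direct access was removed in this commit.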
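Review bot: `Data_Read_UINT32(ntlm_av_pair_get_value_pointer(AvFlags), flags)` reads four bytes from the pair's value without checking that the pair actually carries four bytes, and the same line appears in ntlm_server_AuthenticateComplete (hunk @@ -952). The list is taken from the peer's Authenticate message, so unless it is validated when parsed, which this diff does not show, a truncated MsvAvFlags pair turns this into a read past the end of the pair; the getter added in this commit makes the check cheap, `if (AvFlags && ntlm_av_pair_get_len(AvFlags) >= sizeof(UINT32))`. Both enclosing functions begin before their hunks.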