Vulnerability Protection

Vulnerability in LSASS Could Allow Denial of Service

Details

Report ID: MS20170103
Date Published: 17 January 2017
Date Revised:
Criticality: Important
Compromise Type: Denial of service
Compromise From: Remote

Affected Product/Component:

Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2

Summary

A vulnerability in the Local Security Authority Subsystem (LSASS) could cause a denial of service condition on a target system's LSASS service.

Detailed Description

Microsoft has issued a security update to address a denial of service vulnerability in the Local Security Authority Subsystem (LSASS), caused by a flaw in the handling of authentication requests. If successfully exploited, it could cause a denial of service condition on a target system's LSASS and force the system to reboot automatically. The latest security update rectifies the issue by correcting the way LSASS handles authentication requests.

CVE Reference

CVE-2017-0004

Solution

Install the latest security patch for applicable systems, available for download from https://technet.microsoft.com/en-us/library/security/MS17-004

Source

Microsoft Security Bulletin MS17-004