Microsoft Local Security Authority Subsystem Service CVE-2016-7237 Denial of Service Vulnerability
Description
A denial of service vulnerability exists in the Windows Local Security Authority Subsystem Service (LSASS). A remote, but authenticated, attacker who successfully exploited this vulnerability could cause the target system to become nonresponsive. To exploit the vulnerability, a remote attacker would first have to log on to the system and send a specially crafted request to the target system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted requests.
Affected Applications
Windows RT 8.1
Windows Vista x64 Edition Service Pack 2
Windows Server 2016
Windows Server 2012
Windows 8
Windows 7
Windows 10
Windows Server 2008
Windows Vista Service Pack 2