Endpoint Vulnerability

Microsoft: Local Security Authority Subsystem Service Denial of Service Vulnerability

Description

A denial of service vulnerability exists in the Windows Local Security Authority Subsystem Service (LSASS). A remote, but authenticated, attacker who successfully exploited this vulnerability could cause the target system to become nonresponsive. To exploit the vulnerability, a remote attacker would first have to log on to the system and send a specially crafted request to the target system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted requests.

Affected Products

Windows RT 8.1,Windows Vista x64 Edition Service Pack 2,Windows Server 2016,Windows Server 2012,Windows 8,Windows 7,Windows 10,Windows Server 2008,Windows Vista Service Pack 2

References

CVE-2016-7237,