SB2017011011 - Local Security Authority Subsystem Service Denial of Service Vulnerability

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017011011

SB2017011011 - Local Security Authority Subsystem Service Denial of Service Vulnerability

Published: January 10, 2017

Security Bulletin ID SB2017011011
Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Improper input validation (CVE-ID: CVE-2017-0004)

The vulnerability allows a remote attacker to cause denial of service conditions.

The vulnerability exists due to the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. A remote unauthenticated attacker can send a specially crafted authentication request to vulnerable system and trigger its automatic reboot.

Successful exploitation of the vulnerability will result in denial of service attack.


Remediation

Install update from vendor's website.

References