CVE-2019-0972 — Microsoft Windows 7 Service Pack 1 vulnerability

5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

17.4%

top 4.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Version 1507 Microsoft Windows 10 Version 1607 Microsoft Windows 10 Version 1703 +19 more

Timeline

PublishedJun 12

Latest updateMay 24

Description

This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages22 packages

▶CVEListV5microsoft/windows_server_2008_r2_systems_service_pack_16.1.0 — publication

▶CVEListV5microsoft/windows_7_service_pack_16.1.0 — publication

▶CVEListV5microsoft/windows_server_2008_service_pack_26.0.6003.0 — publication+1

▶CVEListV5microsoft/windows_server_2008_r2_service_pack_16.1.7601.0 — publication

▶CVEListV5microsoft/windows_10_version_1709_for_32-bit_systems10.0.0 — publication

Patches

Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-9r4c-6g65-x8qw: This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker send↗2022-05-24

▶

CVEList

Local Security Authority Subsystem Service Denial of Service Vulnerability↗2019-06-12

▶

📋Vendor Advisories

Microsoft

Local Security Authority Subsystem Service Denial of Service Vulnerability↗2019-06-11

▶