Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10941
HistoryJan 10, 2017 - 12:00 a.m.

KLA10941 Denial of service vulnerability in Microsoft Windows

2017-01-1000:00:00
Kaspersky Lab
threats.kaspersky.com
46

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.7 High

AI Score

Confidence

High

0.955 High

EPSS

Percentile

99.4%

JSON

An improper handling of authentication requests in the Local Security Authority Subsystem Service (LSASS) was found in Windows Vista Service Pack 2, Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1 and Windows 7 Service Pack 1. By exploiting this vulnerability malicious users can cause a denial of service. This vulnerability can be exploited remotely via a specially designed authentication request.

Original advisories

MS17-004

CVE-2017-0004

Related products

Microsoft-Windows-Vista-4

Microsoft-Windows-7

Microsoft-Windows-Server-2008

CVE list

CVE-2017-0004 critical

KB list

3216775

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

  • Windows 7 Service Pack 1 ย ย Windows Vista Service Pack 2ย Windows Server 2008 Service Pack 2ย Windows Server 2008 R2 Service Pack 1

Related

cve 1
mscve 1
mskb 4
checkpoint_advisories 1
nessus 1
symantec 1
kaspersky 1
openvas 1
nvd 1
prion 1
cvelist 1
thn 1
cve
cve
CVE-2017-0004
2017-01-10 21:59:00
mscve
mscve
Local Security Authority Subsystem Service Denial of Service Vulnerability
2017-01-10 08:00:00
mskb
mskb
January 2017 Security Only Quality Update for Windows 7 SP1 and Windows Server 2008 R2 SP1
2017-01-10 08:00:00
January 2017 Security Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1
2017-01-10 08:00:00
MS17-004: Description of the security update for Local Security Authority Subsystem Service: January 10, 2017
2017-01-10 08:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft LSASS Denial of Service (MS17-004: CVE-2017-0004)
2017-01-10 00:00:00
nessus
nessus
MS17-004: Security Update for Local Security Authority Subsystem Service (3216771)
2017-01-10 00:00:00
symantec
symantec
Microsoft Windows LSASS CVE-2017-0004 Denial of Service Vulnerability
2017-01-10 00:00:00
kaspersky
kaspersky
KLA11903 DoS vulnerability in Microsoft Products (ESU)
2017-01-10 00:00:00
openvas
openvas
Microsoft Windows LSASS Local Denial of Service Vulnerability (3216771)
2017-01-11 00:00:00
nvd
nvd
CVE-2017-0004
2017-01-10 21:59:00
prion
prion
Design/Logic Flaw
2017-01-10 21:59:00
cvelist
cvelist
CVE-2017-0004
2017-01-10 21:00:00
thn
thn
Microsoft Releases 4 Security Updates โ€” Smallest Patch Tuesday Ever!
2017-01-10 22:26:00

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.7 High

AI Score

Confidence

High

0.955 High

EPSS

Percentile

99.4%

JSON
Related for KLA10941
cve1mscve1mskb4checkpoint_advisories1nessus1symantec1kaspersky1openvas1nvd1prion1cvelist1thn1