Local Security Authority Subsystem Service Denial of Service Vulnerability

ID MS:CVE-2016-7237
Type mscve
Reporter Microsoft
Modified 2016-12-13T08:00:00


A denial of service vulnerability exists in the Windows Local Security Authority Subsystem Service (LSASS). A remote, but authenticated, attacker who successfully exploited this vulnerability could cause the target system to become nonresponsive.

To exploit the vulnerability, a remote attacker would first have to log on to the system and send a specially crafted request to the target system.

The security update addresses the vulnerability by changing the way that LSASS handles specially crafted requests.