Skip to main content

Microsoft Windows Local Security Authority Subsystem Service (LSASS) Integer Overflow Vulnerability( 14 October 2009 )

Last Update Date: 28 Jan 2011 Release Date: 14 Oct 2009 5492 Views

RISK: Medium Risk

A denial of service vulnerability exists in the Microsoft Windows Local Security Authority Subsystem Service (LSASS) due to its improper handling of malformed packets during NTLM authentication. An attacker could create specially crafted anonymous NTLM authentication requests that would cause a crash in the LSASS service and subsequently would restart the computer.