Home

CVE-2017-0004

Description

The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to cause a denial of service (reboot) via a crafted authentication request, aka Local Security Authority Subsystem Service Denial of Service Vulnerability.

Risk Information

Base Score
6.4
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R
EPSS Score
Exploitation Probability
53.467

Associated Vulnerability

VulnerabilityOS Platform
Local Security Authority Subsystem Service Denial of Service Vulnerability for Windows Server 2008 for x64-based Systems (KB3216775)Windows
Local Security Authority Subsystem Service Denial of Service Vulnerability for Windows Server 2008 (KB3216775)Windows
Local Security Authority Subsystem Service Denial of Service Vulnerability for Windows Vista for x64-based Systems (KB3216775)Windows
Local Security Authority Subsystem Service Denial of Service Vulnerability for Windows Vista (KB3216775)Windows
Local Security Authority Subsystem Service Denial of Service Vulnerability for Windows Server 2008 R2 for x64-based Systems (KB3212642)Windows
Local Security Authority Subsystem Service Denial of Service Vulnerability for Windows 7 for x64-based Systems (KB3212642)Windows
Local Security Authority Subsystem Service Denial of Service Vulnerability for Windows 7 (KB3212642)Windows
Local Security Authority Subsystem Service Denial of Service Vulnerability for Windows Server 2008 R2 for x64-based Systems (KB3212646)Windows
Local Security Authority Subsystem Service Denial of Service Vulnerability for Windows 7 for x64-based Systems (KB3212646)Windows
Local Security Authority Subsystem Service Denial of Service Vulnerability for Windows 7 (KB3212646)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-21988Security Update for Windows Server 2008 for x64-based Systems (KB3216775)
PATCH-21986Security Update for Windows Server 2008 (KB3216775)
PATCH-21987Security Update for Windows Vista for x64-based Systems (KB3216775)
PATCH-21985Security Update for Windows Vista (KB3216775)
PATCH-21991January, 2017 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB3212642)
PATCH-21990January, 2017 Security Only Quality Update for Windows 7 for x64-based Systems (KB3212642)
PATCH-21989January, 2017 Security Only Quality Update for Windows 7 (KB3212642)
PATCH-21994January, 2017 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB3212646)
PATCH-21993January, 2017 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB3212646)
PATCH-21992January, 2017 Security Monthly Quality Rollup for Windows 7 (KB3212646)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234