Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mscveMicrosoftMS:CVE-2017-0004
HistoryJan 10, 2017 - 8:00 a.m.

Local Security Authority Subsystem Service Denial of Service Vulnerability

2017-01-1008:00:00
Microsoft
msrc.microsoft.com
11

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.955 High

EPSS

Percentile

99.4%

JSON

This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an unauthenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system’s LSASS service, which triggers an automatic reboot of the system.

The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.

Related

symantec 1
mskb 4
kaspersky 2
cve 1
openvas 1
nvd 1
checkpoint_advisories 1
nessus 1
prion 1
cvelist 1
thn 1
symantec
symantec
Microsoft Windows LSASS CVE-2017-0004 Denial of Service Vulnerability
2017-01-10 00:00:00
mskb
mskb
January 2017 Security Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1
2017-01-10 08:00:00
January 2017 Security Only Quality Update for Windows 7 SP1 and Windows Server 2008 R2 SP1
2017-01-10 08:00:00
MS17-004: Description of the security update for Local Security Authority Subsystem Service: January 10, 2017
2017-01-10 08:00:00
kaspersky
kaspersky
KLA11903 DoS vulnerability in Microsoft Products (ESU)
2017-01-10 00:00:00
KLA10941 Denial of service vulnerability in Microsoft Windows
2017-01-10 00:00:00
cve
cve
CVE-2017-0004
2017-01-10 21:59:00
openvas
openvas
Microsoft Windows LSASS Local Denial of Service Vulnerability (3216771)
2017-01-11 00:00:00
nvd
nvd
CVE-2017-0004
2017-01-10 21:59:00
checkpoint_advisories
checkpoint_advisories
Microsoft LSASS Denial of Service (MS17-004: CVE-2017-0004)
2017-01-10 00:00:00
nessus
nessus
MS17-004: Security Update for Local Security Authority Subsystem Service (3216771)
2017-01-10 00:00:00
prion
prion
Design/Logic Flaw
2017-01-10 21:59:00
cvelist
cvelist
CVE-2017-0004
2017-01-10 21:00:00
thn
thn
Microsoft Releases 4 Security Updates — Smallest Patch Tuesday Ever!
2017-01-10 22:26:00

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.955 High

EPSS

Percentile

99.4%

JSON
Related for MS:CVE-2017-0004
symantec1mskb4kaspersky2cve1openvas1nvd1checkpoint_advisories1nessus1prion1cvelist1thn1