1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: Microsoft Windows LSASS Memory Corruption DOS

Attack: Microsoft Windows LSASS Memory Corruption DOS

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempts to execute a denial of service on the target system's LSASS service, resulting in an automatic reboot of the system.

Additional Information

Microsoft Windows Local Security Authority Subsystem Service (LSASS) is a security mechanism that handles local security and login policies.

Microsoft Windows LSASS is prone to a denial-of-service vulnerability. Specifically, this issue exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker can exploit this issue by sending a specially crafted authentication request.

Successful exploitation of the issue will cause a denial of service on the target system's LSASS service, resulting in an automatic reboot of the system.

Affected

  • Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube