Denial of Service Vulnerability in Microsoft Windows Local Security Authority Subsystem Service
CVE-2009-3675

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Xp; Windows 2003 Server; Windows 2000
Vendor: CVE Published:; 9 December 2009

What is CVE-2009-3675?

The Local Security Authority Subsystem Service (LSASS) in specific versions of Microsoft Windows is susceptible to a denial of service attack. This vulnerability can be exploited by remote authenticated users who send malformed ISAKMP requests over an IPsec connection, resulting in significant CPU consumption. This can lead to resource exhaustion, ultimately disrupting legitimate services and affecting system availability.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.us-cert.gov/cas/techalerts/TA09-342A.html

third-party-advisoryx_refsource_CERT

EPSS Score

53% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2009
Vulnerability Reserved
Oct 13, 2009