Denial of Service in Microsoft Windows Products
CVE-2017-0004
7.5HIGH
Key Information:
- Vendor
Microsoft
- Vendor
- CVE Published:
- 10 January 2017
What is CVE-2017-0004?
The Local Security Authority Subsystem Service (LSASS) in various Microsoft Windows products poses a risk where remote attackers can initiate a denial of service by sending specially crafted authentication requests. This vulnerability affects multiple versions including Windows Vista SP2, Windows Server 2008 SP2, Windows Server 2008 R2 SP1, and Windows 7 SP1, resulting in potential system reboots and disruption of service.
References
EPSS Score
53% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved