CVE-2020-1267

Опубликовано: 14 июл. 2020

Источник: msrc

CVSS3: 4.9

EPSS Низкий

Описание

Local Security Authority Subsystem Service Denial of Service Vulnerability

This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system.

The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.

Обновления

Продукт	Статья	Обновление
Windows Server 2008 for 32-bit Systems Service Pack 2	4565536 4565529	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2	4565536 4565529	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)	4565536 4565529	Monthly Rollup Security Only
Windows 7 for 32-bit Systems Service Pack 1	4565524 4565539	Monthly Rollup Security Only
Windows 7 for x64-based Systems Service Pack 1	4565524 4565539	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	4565524 4565539	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1	4565524 4565539	Monthly Rollup Security Only
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)	4565536 4565529	Monthly Rollup Security Only
Windows Server 2012	4565537 4565535	Monthly Rollup Security Only
Windows Server 2012 (Server Core installation)	4565537 4565535	Monthly Rollup Security Only

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 87%

0.03441

Низкий

4.9 Medium

CVSS3

Связанные уязвимости

CVE-2020-1267

CVSS3: 4.9

nvd

больше 5 лет назад

This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Denial of Service Vulnerability'.

GHSA-f6v8-7355-p32v

github

больше 3 лет назад

This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Denial of Service Vulnerability'.

BDU:2020-03373

CVSS3: 4.9

fstec

больше 5 лет назад

Уязвимость службы Local Security Authority Subsystem Service (LSASS) операционной системы Windows, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 87%

0.03441

Низкий

4.9 Medium

CVSS3