Описание
Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code over a network.
FAQ
How could an attacker exploit this vulnerability?
An attacker with the ability to modify certain directory attributes could provide crafted data that causes the system to reference invalid memory during authentication, potentially leading to a crash or other unintended behavior.
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Windows 11 Version 24H2 for ARM64-based Systems | ||
| Windows 11 Version 24H2 for x64-based Systems | ||
| Windows Server 2025 | ||
| Windows Server 2025 (Server Core installation) | ||
| Windows 11 Version 25H2 for ARM64-based Systems | ||
| Windows 11 Version 25H2 for x64-based Systems |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
7.5 High
CVSS3
Связанные уязвимости
Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code over a network.
Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code over a network.
Уязвимость службы Local Security Authority Subsystem Service (LSASS) операционных систем Windows, позволяющая нарушителю выполнить произвольный код
EPSS
7.5 High
CVSS3