CVE-2019-0972 MEDIUM

CVE-2019-0972: Local Security Authority Subsystem Service Denial of Service Vulnerability

Vendor Microsoft
Product Windows 10 Version 1703
Published June 12, 2019
Last update May 20, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R

What the vulnerability does

01 Description

This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.

Key dates

02 Disclosure timeline

June 12, 2019 CVE published
May 20, 2025 Record updated