CERT-In Vulnerability Note
Microsoft Local Security Authority Subsystem Service Denial of Service Vulnerability
Original Issue Date: December 09, 2009
Severity Rating: MEDIUM
- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
A vulnerability exists in the Microsoft Windows Local Security Authority Subsystem Service (LSASS) that could allow an authenticated remote attacker to cause a denial of service (DoS) condition on an affected system.
The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows provides the interface for managing local security policy, domain authentication and Active Directory service processes. LSASS handles authentication for both clients and servers and also contains features that support Active Directory utilities.
This vulnerability is caused by an error in the way LSASS handles Internet Security Association and Key Management Protocol (ISAKMP) messages exchanged as part of Internet Protocol security (IPsec) communication. An authenticated remote attacker could exploit the vulnerability by sending a specially crafted ISAKMP message during an established and authenticated IPsec session. Processing the malformed message causes LSASS to consume all available CPU, leaving the system unresponsive and resulting in a DoS condition. Because an established, authenticated IPsec session is required, only peers that can complete IPsec authentication with the target can trigger the condition; unauthenticated hosts on the network cannot. The note does not disclose which malformation triggers the condition.
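The following is an added example, not code from the advisory or from Microsoft: a bounds-checked ISAKMP (IKEv1) message validator of the kind a monitor on UDP/500 or an IPsec peer can apply before handing a message to the IKE state machine. It implements the generic structural checks from RFC 2408 (28-byte header, version, flag bits, declared length, and a payload-chain walk that cannot loop or read past the buffer). The specific malformation behind this vulnerability is not public in the note, so these checks are illustrative of the message class, not a signature for it; MAX_PAYLOADS is an arbitrary sanity bound chosen here, and all sample messages are constructed for the example.

```python
"""Structural sanity checks for ISAKMP (IKEv1) messages.

Added example (not from the advisory). Checks follow RFC 2408 sections
3.1 (ISAKMP header) and 3.2 (generic payload header). Messages with the
Encryption flag set carry encrypted payloads, so only the header can be
checked for those without session keys.
"""
import struct
from dataclasses import dataclass, field

ISAKMP_HEADER_LEN = 28          # RFC 2408 section 3.1
GENERIC_PAYLOAD_HEADER_LEN = 4  # RFC 2408 section 3.2
ISAKMP_FLAG_ENCRYPTION = 0x01
ISAKMP_FLAGS_DEFINED = 0x07     # E, C and A bits; everything else is reserved
MAX_PAYLOADS = 32               # assumption: arbitrary sanity bound, not from the advisory


@dataclass
class IsakmpReport:
    ok: bool
    reasons: list = field(default_factory=list)
    payload_types: list = field(default_factory=list)
    encrypted: bool = False


def check_isakmp(msg: bytes) -> IsakmpReport:
    """Validate header fields and walk the payload chain with bounds checks."""
    reasons = []
    if len(msg) < ISAKMP_HEADER_LEN:
        return IsakmpReport(False, ["message shorter than the 28-byte ISAKMP header"])
    (_icookie, _rcookie, next_payload, version, _exchange,
     flags, _msg_id, length) = struct.unpack("!8s8sBBBBII", msg[:ISAKMP_HEADER_LEN])

    if version >> 4 != 1:
        reasons.append("unsupported major version %d" % (version >> 4))
    if length != len(msg):
        reasons.append("declared length %d does not match actual %d" % (length, len(msg)))
    if flags & ~ISAKMP_FLAGS_DEFINED:
        reasons.append("reserved flag bits set: 0x%02x" % flags)

    encrypted = bool(flags & ISAKMP_FLAG_ENCRYPTION)
    payload_types = []
    if not encrypted:
        # Walk the clear-text payload chain. Each step is bounds-checked so a
        # zero-length or oversized payload can neither loop nor read past the buffer.
        offset = ISAKMP_HEADER_LEN
        current = next_payload
        while current != 0:
            if len(payload_types) >= MAX_PAYLOADS:
                reasons.append("more than %d payloads" % MAX_PAYLOADS)
                break
            if offset + GENERIC_PAYLOAD_HEADER_LEN > len(msg):
                reasons.append("payload header truncated at offset %d" % offset)
                break
            nxt, _reserved, plen = struct.unpack("!BBH", msg[offset:offset + 4])
            if plen < GENERIC_PAYLOAD_HEADER_LEN:
                reasons.append("payload type %d at offset %d has length %d" % (current, offset, plen))
                break
            if offset + plen > len(msg):
                reasons.append("payload type %d at offset %d overruns the message" % (current, offset))
                break
            payload_types.append(current)
            offset += plen
            current = nxt
        else:
            if offset != len(msg):
                reasons.append("%d trailing bytes after the last payload" % (len(msg) - offset))
    return IsakmpReport(not reasons, reasons, payload_types, encrypted)


def build_message(next_payload, flags, length, payloads, version=0x10, exchange=2):
    """Constructed sample: fixed cookies, Identity Protection exchange, message ID 0."""
    header = struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x22" * 8,
                         next_payload, version, exchange, flags, 0, length)
    return header + payloads


# Constructed samples. Payload type 1 is SA and 8 is HASH (RFC 2408 section 3.1).
SA_PAYLOAD = struct.pack("!BBH", 0, 0, 8) + b"\x00\x00\x00\x01"   # next=NONE, len=8, DOI=1
GOOD = build_message(1, 0, ISAKMP_HEADER_LEN + len(SA_PAYLOAD), SA_PAYLOAD)
BAD_LENGTH = build_message(1, 0, 0xFFFF, SA_PAYLOAD)               # declared length lies
ZERO_LEN_PAYLOAD = build_message(1, 0, ISAKMP_HEADER_LEN + 8,
                                 struct.pack("!BBH", 0, 0, 0) + b"\x00\x00\x00\x01")
ENCRYPTED = build_message(8, ISAKMP_FLAG_ENCRYPTION, ISAKMP_HEADER_LEN + 16, b"\xaa" * 16)

if __name__ == "__main__":
    for name, m in [("good", GOOD), ("bad_length", BAD_LENGTH),
                    ("zero_len_payload", ZERO_LEN_PAYLOAD), ("encrypted", ENCRYPTED)]:
        r = check_isakmp(m)
        print(name, "ok" if r.ok else "REJECT", r.payload_types, r.reasons)
```

The zero-length payload case is the one a naive chain walker mishandles: without the `plen < 4` check the offset never advances and the parser spins forever, which is exactly the CPU-exhaustion shape the advisory describes. Note that a session-stage message such as the one in the advisory is normally encrypted, so a passive monitor can validate only the header; the payload walk applies on the peer itself after decryption.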
- Disable the IPsec service on systems that do not use IPsec (note that this also stops enforcement of any IPsec policy on that host)
Apply the patches referenced in the corresponding Microsoft Security Bulletin.
The information provided herein is on "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-2436857
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003