CVE-2017-0004

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version Windows Vista SP2 Windows Server 2008 SP2 and R2 SP1 Windows 7 SP1

Description The issue exists due to insufficient input validation in the Local Security Authority Subsystem Service (LSASS) component of the Windows operating system. Exploitation of this issue may allow a remote attacker to cause a denial of service, resulting in a system reboot, by sending a specially crafted authentication request to the LSASS component.

Recommendations For Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the LSASS component to minimize the risk of exploitation. Avoid using specially crafted authentication requests to the LSASS component until the issue is resolved.