Michael Grafnetter

**Name of the Vulnerable Software and Affected Versions** Microsoft Local Security Authority Subsystem Service (affected versions not specified) **Description** The issue is related to a lack of protection for service data in the Local Security Authority Subsystem Service (LSASS) of the Windows operating system. Exploitation of this issue may allow a remote attacker to disclose protected information. It is possible for network secrets to be stolen from LSASS by convincing or waiting for a user to connect to an Active Directory Domain Controller, potentially through a man-in-the-middle (MITM) attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.