CVE-2016-7237

Name of the Vulnerable Software and Affected Versions Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows 7 SP1 Microsoft Windows 8.1 Microsoft Windows Server 2012 Gold and R2 Microsoft Windows RT 8.1 Microsoft Windows 10 versions Gold through 1607 Microsoft Windows Server 2016

Description The issue is related to insufficient access control in the Local Security Authority Subsystem Service (LSASS) of the Windows operating system. It allows remote authenticated users to cause a denial of service, resulting in a system hang, via a crafted request. This can be exploited by an attacker to affect the system.

Recommendations For Microsoft Windows Vista SP2, apply the relevant security update to resolve the issue. For Microsoft Windows Server 2008 SP2 and R2 SP1, apply the relevant security update to resolve the issue. For Microsoft Windows 7 SP1, apply the relevant security update to resolve the issue. For Microsoft Windows 8.1, apply the relevant security update to resolve the issue. For Microsoft Windows Server 2012 Gold and R2, apply the relevant security update to resolve the issue. For Microsoft Windows RT 8.1, apply the relevant security update to resolve the issue. For Microsoft Windows 10 versions Gold through 1607, apply the relevant security update to resolve the issue. For Microsoft Windows Server 2016, apply the relevant security update to resolve the issue. As a temporary workaround, consider restricting access to the LSASS service until a patch is available.