
[Vulnerability notice] CVE-2017-0004: Microsoft LSASS remote DoS vulnerability

Last Updated: Mar 19, 2018

In the early morning of January 11, 2017 (Beijing Time), Microsoft released its first set of patches of the year, fixing a remote denial of service vulnerability (ID: CVE-2017-0004) in the Local Security Authority Subsystem Service (LSASS). It is an uncommon security risk. Hackers can exploit this vulnerability by sending malicious data packets that crash key processes in the target system, similar to the unexpected shutdown with a 60-second countdown in the case of MSBlast.

See the following for more information about the vulnerability.


CVE identifier

CVE-2017-0004

Vulnerability name

Microsoft LSASS remote DoS vulnerability

Vulnerability rating

High

Vulnerability description

Hackers can exploit this vulnerability by sending malicious data packets to Port 445 and initiating a distributed denial of service (DDoS) against it, causing key processes in the target system to crash.

Condition and method of exploitation

This vulnerability is triggered remotely by way of Port 445.

Affected scope

Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2

Vulnerability detection

None

How to fix or mitigate

Install patches. For more information, see https://technet.microsoft.com/en-us/library/security/MS17-004.

Reference

[1]. https://technet.microsoft.com/en-us/library/security/MS17-004
