7.8 - MS17-004

Executive Summary

Summary
Title	Security Update for Local Security Authority Subsystem Service (3216771)

Informations
Name	MS17-004	First vendor Publication	2017-01-10
Vendor	Microsoft	Last vendor Modification	2017-01-10
Severity (Vendor)	N/A	Revision	1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score	7.8	Attack Range	Network
Cvss Impact Score	6.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Severity Rating: Important
Revision Note: V1.0 (January 10, 2017): Bulletin Published
Summary: A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system.

Original Source

Url : https://technet.microsoft.com/en-us/library/security/MS17-004

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-20	Improper Input Validation

CPE : Common Platform Enumeration

Type	Description	Count
Os	Microsoft Windows 7 cpe:2.3:o:microsoft:windows_7:-:sp1::::::	1
Os	Microsoft Windows Server 2008 cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::: cpe:2.3:o:microsoft:windows_server_2008:-:sp2::::::	2
Os	Microsoft Windows Vista cpe:2.3:o:microsoft:windows_vista:-:sp2::::::	1

Snort® IPS/IDS

Date	Description
2016-12-13	Microsoft Windows LSASS GSS-API DER decoding null pointer dereference attempt RuleID : 40759 - Revision : 3 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date	Description
2017-01-10	Name : The remote Windows host is affected multiple vulnerabilities. File : smb_nt_ms17-004.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2017-01-11 21:25:06	Multiple Updates
2017-01-11 13:25:28	Multiple Updates
2017-01-11 05:25:12	Multiple Updates
2017-01-10 21:23:57	Multiple Updates
2017-01-10 21:17:38	First insertion

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	4
Snort® Rule(s)	1
Nessus® Exploit(s)	1

	Related
10	MS17-023
10	MS17-005
9.3	MS17-014
9.3	MS17-013
9.3	MS17-002
7.6	MS17-007
7.6	MS17-006
7.5	CVE-2017-0004
7.2	MS16-149
6.8	MS17-001
2.6	MS17-021
0	MS17-022
0	MS17-020
0	MS17-019
0	MS17-018
0	MS17-017
0	MS17-016
0	MS17-015
0	MS17-012
0	MS17-011
0	MS17-010
0	MS17-009
0	MS17-008
0	MS17-003
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 24 more Alert(s)

7.8 - MS17-004

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU