MEDIUM · 6.5

CVE-2019-0972


Vulnerability Description

This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: NONE
Availability: HIGH

Affected Products

Vendor | Product | Versions
Microsoft | Windows 10 | -
Microsoft | Windows 7 | -
Microsoft | Windows 8.1 | -
Microsoft | Windows RT 8.1 | -
Microsoft | Windows Server 2008 | -
Microsoft | Windows Server 2012 | -
Microsoft | Windows Server 2016 | -
Microsoft | Windows Server 2019 | -

References

FAQ

What is CVE-2019-0972?

CVE-2019-0972 is a vulnerability with a CVSS score of 6.5 (MEDIUM). This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A re...

How severe is CVE-2019-0972?

CVE-2019-0972 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-0972?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 10, Microsoft Windows 7, Microsoft Windows 8.1, Microsoft Windows RT 8.1, Microsoft Windows Server 2008.