| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS09-069 | Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392) | Windows 2000 | Critical | 08-12-2009 |
Technical Information
Brief overview of the risk:
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow a denial of service if a remote, authenticated attacker, while communicating through Internet Protocol security (IPsec), sends a specially crafted ISAKMP message to the Local Security Authority Subsystem Service (LSASS) on an affected system.
Detailed Information on the risk:
A denial of service vulnerability exists in Microsoft Windows due to the way that the Local Security Authority Subsystem Service (LSASS) improperly handles specially crafted ISAKMP messages communicated through IPsec.
Further information on this exploit is available at : MS09-069
Affected Software
Windows 2000 Service Pack 4Windows Server 2003 Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 x64 Edition Service Pack 2
Windows XP Professional x64 Edition Service Pack 2
Windows XP Service Pack 2
Windows XP Service Pack 3