<< Back
CVE Number Vulnerability Product Severity Date
MS09-069 Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392) Windows 2000 Critical 08-12-2009

Technical Information

Brief overview of the risk:
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow a denial of service if a remote, authenticated attacker, while communicating through Internet Protocol security (IPsec), sends a specially crafted ISAKMP message to the Local Security Authority Subsystem Service (LSASS) on an affected system.
Detailed Information on the risk:

A denial of service vulnerability exists in Microsoft Windows due to the way that the Local Security Authority Subsystem Service (LSASS) improperly handles specially crafted ISAKMP messages communicated through IPsec.


Further information on this exploit is available at : MS09-069

Affected Software

Windows 2000 Service Pack 4
Windows Server 2003 Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 x64 Edition Service Pack 2
Windows XP Professional x64 Edition Service Pack 2
Windows XP Service Pack 2
Windows XP Service Pack 3