Security
Headlines
HeadlinesLatestCVEs

Tag

#Windows Local Security Authority (LSA)

CVE-2024-43522: Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Microsoft Security Response Center
#vulnerability#windows#auth#Windows Local Security Authority (LSA)#Security Vulnerability
CVE-2023-35331: Windows Local Security Authority (LSA) Denial of Service Vulnerability

**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack.

CVE-2023-35331: Windows Local Security Authority (LSA) Denial of Service Vulnerability

**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack.

CVE-2023-21524: Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploited this vulnerability could impersonate the group Managed Service Account (gMSA) to perform actions or access resources over the network.

CVE-2022-38016: Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** This vulnerability could lead to a contained execution environment escape. Please refer to https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation