Security
Headlines
HeadlinesLatestCVEs

Tag

#Windows Local Security Authority Subsystem Service

CVE-2022-24487: Windows Local Security Authority (LSA) Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** In order to exploit this vulnerability the attacker is required to be a local user with a smart card or already logged on remotely through RDP to the remote machine. The authorized attacker could then exploit this Windows LSASS vulnerability by sending, from a user mode application, specially crafted malicious credentials directed at the Windows machine, which could lead to remote code execution.

Microsoft Security Response Center
#vulnerability#mac#windows#Windows Local Security Authority Subsystem Service#Security Vulnerability
CVE-2022-24487: Windows Local Security Authority (LSA) Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** In order to exploit this vulnerability the attacker is required to be a local user with a smart card or already logged on remotely through RDP to the remote machine. The authorized attacker could then exploit this Windows LSASS vulnerability by sending, from a user mode application, specially crafted malicious credentials directed at the Windows machine, which could lead to remote code execution.