Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service
Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sent a maliciously crafted packet during the NTLM authentication process. The security update addresses the vulnerability by implementing additional validation of specific value sets used in the authentication process.
Update type: Important
Release date: October 13, 2009
Applies to: All versions
Knowledge base: http://support.microsoft.com/kb/975467
- Local Security Authority Subsystem Service Integer Overflow Vulnerability – CVE-2009-2524
For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB975467.