CVE-2019-0972: Denial of Service in Microsoft Windows 10 Version 1703

Severity: Medium
Tags: Vulnerability, CVE-2019-0972
Published: Wed Jun 12 2019 (06/12/2019, 13:49:38 UTC)
Source: CVE
Vendor/Project: Microsoft
Product: Windows 10 Version 1703

Description

This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.

AI-Powered Analysis

Last updated: 07/04/2025, 08:56:30 UTC

Technical Analysis

CVE-2019-0972 is a vulnerability in the Local Security Authority Subsystem Service (LSASS) of Microsoft Windows 10 Version 1703. LSASS is a critical component responsible for enforcing security policies, handling authentication, and managing user logins. The vulnerability arises when an authenticated attacker sends a specially crafted authentication request to the LSASS service. The malformed request crashes the LSASS process, which in turn forces the system to reboot automatically. This disrupts system availability and can lead to service interruptions, particularly on systems that rely heavily on continuous uptime.

Exploitation requires some level of authentication (PR:L, Privileges Required: Low): the attacker must have valid credentials but does not need administrative privileges. No user interaction is required, and the attack can be executed remotely over the network (AV:N, Attack Vector: Network). The vulnerability does not impact confidentiality or integrity; it affects availability only, so the outcome is a denial of service against the targeted system. Microsoft addressed the vulnerability by modifying how LSASS processes authentication requests to prevent the crash condition.

The CVSS v3.1 base score is 6.5 (medium severity), reflecting the moderate impact and ease of exploitation given the low privileges required and network accessibility. There are no known exploits in the wild reported, and no public exploit code has been observed. However, the vulnerability remains a concern for environments running the affected Windows 10 Version 1703, especially those with exposed authentication services or weak access controls.

Potential Impact

For European organizations, the primary impact of CVE-2019-0972 is the potential for denial of service attacks that disrupt system availability. Organizations relying on Windows 10 Version 1703 in critical infrastructure, enterprise environments, or service provider networks may experience unexpected system reboots, leading to downtime and potential loss of productivity. This can affect business continuity, especially in sectors such as finance, healthcare, telecommunications, and government services where uptime is crucial. Although the vulnerability does not compromise data confidentiality or integrity, repeated or targeted DoS attacks could degrade trust in IT systems and increase operational costs due to incident response and recovery efforts. Additionally, since exploitation requires valid credentials, insider threats or compromised accounts could be leveraged to trigger the attack, raising concerns about internal security posture. European organizations with legacy systems or delayed patch management practices are at higher risk, as they may still operate vulnerable Windows 10 Version 1703 installations. The automatic reboot behavior could also interfere with security monitoring and forensic investigations by disrupting logs and system states.

Mitigation Recommendations

To mitigate CVE-2019-0972 effectively, European organizations should:

1) Apply the official Microsoft security update that patches this vulnerability as soon as possible to all affected Windows 10 Version 1703 systems.
2) Implement strict access controls and monitoring on authentication services to limit the number of users with valid credentials capable of interacting with LSASS, reducing the attack surface.
3) Enforce multi-factor authentication (MFA) to reduce the risk of credential compromise that could enable exploitation.
4) Monitor system logs and network traffic for unusual authentication requests or repeated failed attempts that could indicate exploitation attempts.
5) Consider upgrading or migrating systems from Windows 10 Version 1703 to more recent, supported versions of Windows 10 or Windows 11 to benefit from improved security features and ongoing support.
6) Establish robust incident response procedures to quickly detect and recover from DoS incidents, including maintaining backups and system snapshots to minimize downtime.
7) Segment networks to isolate critical systems and restrict remote access to authentication services only to trusted networks and users.

These targeted measures go beyond generic advice by focusing on credential security, patch management, and network segmentation specific to the nature of this vulnerability.
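For the log monitoring in item 4, the visible symptom described on this page is an LSASS crash followed by an automatic reboot. The added example below (not part of the original record) flags hosts that show that pattern repeatedly in exported event records. The provider and event ID pairs are general Windows crash and restart events assumed here, not indicators given by the advisory, and the sample records, host names and thresholds are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# (provider, event id) pairs Windows logs when a critical process dies and the
# host restarts. General Windows behaviour, assumed here; not from the advisory.
CRASH_EVENTS = {("Application Error", 1000),
                ("Microsoft-Windows-Wininit", 1015),
                ("User32", 1074)}

# Constructed sample records (hypothetical hosts, times, abbreviated messages).
FIELDS = ("host", "time", "provider", "id", "message")
SAMPLE = [dict(zip(FIELDS, r)) for r in [
    ("WS-0142", "2019-06-20T09:14:02", "Application Error", 1000, "Faulting application name: lsass.exe"),
    ("WS-0142", "2019-06-20T09:14:03", "Microsoft-Windows-Wininit", 1015, "A critical system process, lsass.exe, failed"),
    ("WS-0142", "2019-06-20T09:14:03", "User32", 1074, "The system process 'lsass.exe' terminated unexpectedly"),
    ("WS-0142", "2019-06-20T09:31:40", "Microsoft-Windows-Wininit", 1015, "A critical system process, lsass.exe, failed"),
    ("WS-0200", "2019-06-20T11:02:10", "Microsoft-Windows-Wininit", 1015, "A critical system process, lsass.exe, failed"),
    ("WS-0300", "2019-06-20T12:00:00", "User32", 1074, "The process wininit.exe has initiated the restart (planned)"),
    ("WS-0300", "2019-06-20T12:05:00", "Application Error", 1000, "Faulting application name: notepad.exe"),
]]

def is_lsass_crash(ev):
    """True for a crash/restart record that names lsass.exe."""
    return ((ev["provider"], ev["id"]) in CRASH_EVENTS
            and "lsass.exe" in ev["message"].lower())

def crash_incidents(events, merge=timedelta(minutes=5)):
    """Per host, one timestamp per crash; records within `merge` are one crash."""
    hits = sorted((datetime.fromisoformat(e["time"]), e["host"])
                  for e in events if is_lsass_crash(e))
    per_host = defaultdict(list)
    for when, host in hits:
        if not per_host[host] or when - per_host[host][-1] > merge:
            per_host[host].append(when)
    return dict(per_host)

def repeated_crash_hosts(events, threshold=2, window=timedelta(hours=24)):
    """Hosts with at least `threshold` LSASS crashes inside any `window`."""
    flagged = {}
    for host, times in crash_incidents(events).items():
        best = max(sum(1 for t in times[i:] if t - start <= window)
                   for i, start in enumerate(times))
        if best >= threshold:
            flagged[host] = best
    return flagged

if __name__ == "__main__":
    print(repeated_crash_hosts(SAMPLE))
```

A single LSASS crash can have other causes, so a flagged host is a lead for correlating with authentication logs and patch status rather than proof of exploitation.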

Technical Details

Data Version: 5.1
Assigner Short Name: microsoft
Date Reserved: 2018-11-26T00:00:00
CISA Enriched: false
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0f71484d88663aeacee

Added to database: 5/20/2025, 6:59:03 PM

Last enriched: 7/4/2025, 8:56:30 AM

Last updated: 7/26/2025, 9:42:52 PM
