Local Security Authority Subsystem Service
by Microsoft
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-49126 | Hig | 0.53 | 8.1 | 0.01 | Dec 12, 2024 | Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability | ||
| CVE-2023-36391 | Hig | 0.51 | 7.8 | 0.07 | Dec 12, 2023 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | ||
| CVE-2022-30166 | Hig | 0.51 | 7.8 | 0.01 | Jun 15, 2022 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | ||
| CVE-2022-21884 | Hig | 0.51 | 7.8 | 0.01 | Jan 11, 2022 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | ||
| CVE-2020-1509 | Hig | 0.51 | 7.8 | 0.03 | Aug 17, 2020 | An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of… | ||
| CVE-2026-32071 | Hig | 0.49 | 7.5 | 0.01 | Apr 14, 2026 | Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network. | ||
| CVE-2019-0972 | Med | 0.43 | 6.5 | 0.06 | Jun 12, 2019 | This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a… | ||
| CVE-2026-26155 | Med | 0.42 | 6.5 | 0.01 | Apr 14, 2026 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | ||
| CVE-2022-37977 | Med | 0.42 | 6.5 | 0.02 | Oct 11, 2022 | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | ||
| CVE-2024-26209 | Med | 0.37 | 5.5 | 0.15 | Apr 9, 2024 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | ||
| CVE-2024-20692 | Med | 0.37 | 5.7 | 0.01 | Jan 9, 2024 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | ||
| CVE-2023-36428 | Med | 0.36 | 5.5 | 0.01 | Nov 14, 2023 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | ||
| CVE-2020-1267 | Med | 0.32 | 4.9 | 0.05 | Jul 14, 2020 | This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Denial of Service Vulnerability'. | ||
| CVE-2026-20875 | 0.00 | — | 0.02 | Jan 13, 2026 | Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network. |
- risk 0.53cvss 8.1epss 0.01
Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.07
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.03
An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of…
- risk 0.49cvss 7.5epss 0.01
Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
- risk 0.43cvss 6.5epss 0.06
This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a…
- risk 0.42cvss 6.5epss 0.01
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
- risk 0.42cvss 6.5epss 0.02
Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
- risk 0.37cvss 5.5epss 0.15
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
- risk 0.37cvss 5.7epss 0.01
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
- risk 0.36cvss 5.5epss 0.01
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
- risk 0.32cvss 4.9epss 0.05
This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Denial of Service Vulnerability'.
- CVE-2026-20875Jan 13, 2026risk 0.00cvss —epss 0.02
Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.