Windows LSA Spoofing Vulnerability - CVE-2021-36942ID: oval:org.secpod.oval:def:74326 | Date: (C)2021-08-11 (M)2024-03-05 |
Class: VULNERABILITY | Family: windows |
Windows LSA Spoofing Vulnerability. An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM. This security update blocks the affected API calls OpenEncryptedFileRawA and OpenEncryptedFileRawW through LSARPC interface.
Platform: |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Microsoft Windows Server |