Microsoft Windows LSASS Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the Windows Local Security Authority Subsystem Service (LSASS). This issue arises from improper input validation, allowing an authorized attacker to disrupt service over the network. The vulnerability affects multiple Windows products, including Windows Server 2025, Windows 11 Version 24H2 for both x64-based and ARM64-based systems, and Windows Server 2025 (Server Core installation).

Impact

Exploitation of this vulnerability leads to a significant disruption of service, causing a denial-of-service condition on the affected system.

Remediation

Users can apply the security update for this vulnerability, available through the Microsoft Update Catalog. For Windows Server 2025 and Windows 11 Version 24H2 (both x64-based and ARM64-based), the security update can be downloaded using the KB5065426 or KB5065474 links. Instructions for applying these updates are also available on the Microsoft Support website.