CVE-2021-36942: Microsoft Windows Local Security Authority (LSA) Spoofing

Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability. Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM.

• CISA KEV-listed (remediation due 2021-11-17)
• used in ransomware campaigns
• EPSS 93.6% (99.8% percentile)

Detection rules

• Remote Encrypting File System Abuse high

Browse the CVE database

Read the full analysis on IntelFusions