Windows LSASS Service Can Be Crashed Remotely

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.5

Windows LSASS Service Can Be Crashed Remotely

CVE-2026-32071

Summary

A flaw in Windows LSASS service can allow an attacker to crash the service, making it unavailable to legitimate users. This can happen when an attacker sends a specific packet to the service. To protect your network, ensure you have the latest Windows updates installed.

Original title

Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.

Original description

Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.

nvd CVSS3.1 7.5

Vulnerability type

CWE-476 NULL Pointer Dereference

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32071

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026