This module triggers a denial-of-service flaw in the Windows Local Session Manager (LSM). It was found to exist in Windows 11 but not in Windows 10. The vulnerability allows an authenticated, low-privileged user to crash the LSM service by making a simple Remote Procedure Call (RPC) to the RpcGetSessionIds function. The impact of this vulnerability is significant, as a crash of the LSM service can prevent users from logging in or out and affects services that depend on LSM, such as Remote Desktop Protocol (RDP) and Microsoft Defender. The vulnerability can be exploited remotely by an authenticated user with low privileges, especially on a domain controller.
CVE Link
Exploit Platform
Exploit Type
Product Name