Skip to main content
Need help with a cyber incident now?
Call 24/7: +31 88-2747800

Windows LSA Spoofing Vulnerability

By 13 August 2021 April 9th, 2023 CERT, SOC, Vulnerability
Windows LSA kwetsbaarheid

This blog contains information about the Windows LSA Spoofing vulnerability. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.

Update August 13, 2021

12:00 | Earlier this week, Microsoft patched a number of vulnerabilities during their regular Patch Tuesday. Among others, the PetitPotam NTLM Relay vulnerability was resolved.

For CVE-2021-36942 (Windows LSA Spoofing Vulnerability), which can be combined with PetitPotam, the likelihood/impact has today been scaled up by the Dutch NCSC from medium/high to high/high. The change in rating is related to proof of concept code that is now available.

We recommend installing the latest updates from Microsoft, paying specific attention to Domain Controllers.

Reason and background of this blog

This blog contains information about vulnerabilities, the possible risk and advice on how to prevent or limit damage. Below are the possible risks, details and background information.

Potential risk

According to Microsoft and the NCSC, this vulnerability can lead to the following:

  • Privilege Escalation
  • Remote Code Execution
  • Access to sensitive data

Detail info

The following CVE reference belongs to this vulnerability.


Learn more about the Windows LSA Spoofing vulnerability on these external sources:

NCSC advice



Do you want to be informed in time? Sign up for our technical updates

Would you like to receive these critical vulnerabilities by e-mail from now on? Enter your e-mail address below.

Tesorion uses your personal data to send out requested information and possibly for contact by telephone and for marketing and sales purposes. You can change your preferences whenever you want. Read our privacy policy for more information.