How to fix EUVD-2025-17789?

Within 24 hours: Inventory all Windows systems running affected LSASS versions and assess network exposure. Within 7 days: Implement network segmentation to restrict LSASS-dependent services from untrusted networks; monitor for abnormal authentication service crashes and resource consumption. Within 30 days: Establish continuous monitoring for suspicious LSASS activity; prepare emergency response procedures for service restoration; validate compensating controls and document exceptions.

Is Windows 10 21h2 affected by EUVD-2025-17789?

A high-severity vulnerability in Windows LSASS enables remote attackers to crash critical authentication services, potentially rendering affected systems unavailable and disrupting business operations.

EUVD-2025-17789

| CVE-2025-32724 HIGH

2025-06-10 [email protected]

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 19:49 euvd

EUVD-2025-17789

Analysis Generated

Mar 14, 2026 - 19:49 vuln.today

CVE Published

Jun 10, 2025 - 17:22 nvd

HIGH 7.5

Description

Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.

Analysis

Windows Local Security Authority Subsystem Service (LSASS) contains an uncontrolled resource consumption vulnerability that allows unauthenticated remote attackers to cause a denial of service. Crashing or degrading LSASS disrupts all authentication and authorization on the affected Windows server, effectively taking the system offline.

Technical Context

LSASS handles all authentication and authorization decisions on Windows systems. An uncontrolled resource consumption flaw allows a remote attacker to exhaust LSASS resources, causing the service to become unresponsive. When LSASS fails, the system cannot process logons, validate Kerberos tickets, or enforce security policies, effectively denying all access to the machine.

Affected Products

['Windows Server (multiple versions)', 'Windows Desktop (multiple versions)']

Remediation

Apply the Microsoft security update. Implement network segmentation to restrict access to LSASS-exposed ports on domain controllers. Monitor LSASS resource usage for anomalies. Ensure multiple domain controllers for redundancy.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +28.3

CVSS: +38

POC: 0

EUVD-2025-17789 vulnerability details – vuln.today

Back

EUVD-2025-17789

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

EUVD-2025-17789

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code