What program is lsass.exe?

lsass.exe is a system process, used for the security mechanism of Microsoft Windows systems, as well as local security and login policies; lsass.exe may also be created by Windang.worm, irc.ratsou.b, etc., viruses Distributed via floppy disks, mass mailings, and P2P file sharing.

Recommended: "Programming Video"

lsass.exe is a system process, used for Microsoft Windows systems Security Mechanism. It is used for local security and login policies. Note: lsass.exe may also be created by Windang.worm, irc.ratsou.b, Webus.B, MyDoom.L, Randex.AR, and Nimos.worm. The virus spreads through floppy disks, mass emails, and P2P file sharing.

Process information

Process file: lsass or lsass.exe

Process name: Local Security Authority Service, Local Security Authority Service

Producer: Microsoft Corp.

Belongs to: Microsoft Windows Operating System

System process: Yes

Background program: Yes

Use network: Yes

Port used: 49154 (TCP)

Hardware related: No

Common errors: Unknown N/A

Memory usage: Unknown N/A

Security Level (0-5): 0

Spyware: No

Adware: No

Virus: No

Trojan: No

Process Description

The local security permissions service controls the Windows security mechanism. This is a system process that starts automatically when the system starts.

Manage IP security policies and start ISAKMP/Oakley (IKE) and IP security drivers, etc. It is a local security authorization service, and it will generate a process for authorized users using the winlogon service. This process is performed using authorized packages, such as the default msgina.dll. If authorization is successful, lsass will generate the user's access token, which is not used to start the initial shell. Other processes initiated by the user will inherit this token. The Windows Active Directory remote stack overflow vulnerability uses the LDAP 3 search request function to lack correct buffer boundary checks on user-submitted requests, constructs more than 1,000 "AND" requests, and sends them to the server, causing a stack overflow to be triggered and Lsass The .exe service crashed and the system restarted within 60 seconds. And it will cause some functional failures [1] .

The above is the detailed content of What program is lsass.exe?. For more information, please follow other related articles on the PHP Chinese website!