RE: [Full-disclosure] LSADump2 Crashing Windows
From: John McGuire (jmcguire81_at_cox.net)
To: <firstname.lastname@example.org> Date: Fri, 2 Sep 2005 21:29:39 -0700
I have also had this happen to me, but have not had any luck in narrowing
down the exact culprit. As you stated, it does not appear to just be tied to
MS patches. I have a series of virtual machines running at various patch
levels, and none of them will crash. Running it on my fully patched laptop,
however, will crash every time. If you happen to find the answer off this
list, please post it. I'd love to know more about it. Thanks
[mailto:email@example.com] On Behalf Of oh face
Sent: Friday, September 02, 2005 11:42 AM
Subject: [Full-disclosure] LSADump2 Crashing Windows
In my recent experience, LSADump2 has been crashing Windows boxes. I was
able to verify this on fully patched Windows XP and 2003. In further
examination, LSADump2, when executed, killed the "lsass" process, and with
the "winlogon" process still running, the system was forced to reboot. As
far as I know, LSADump2 is utilizing a DLL injection technique to dump the
contents of LSA secrets.
1. Has anyone had this experience? If so, is there a safe method to execute
2. When I tested LSADump2 on various Windows boxes, not all fully patched
boxes were affected by this issue. What configuration of Windows is exactly
causing "lsass" to fail?
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/