If an attacker is able to gain access to LSA secrets (possibly by using
), then they might discover the user name and password for a service account. Accounts that are used to run services may have privileges beyond that held by the user of the compromised account and maybe domain-level accounts. Armed with the information, the attacker can log on and now have those privileges. If the account is a domain account, his privileges extend to many computers in the domain, not just the one he was able to compromise.
This Content Component encountered an error
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.