Internet Security Systems' (ISS) X-Force researchers have classified four of the software developer's vulnerabilities high-risk, while Symantec considers all the vulnerabilities critical.
The LSASS Vulnerabiliity, in the view of Symantec security experts, is one of the most severe. A buffer overflow vulnerability exists in the Local Security Authority Subsystem Service (LSASS). Basically, if this system is breached, a cyber attacker could have the same control of the affected machine as a user or administrator. Files could be stolen or erased, or remote code could be executed on a compromised system, for example.
The LSASS provides an interface for managing local security, domain authentication, and Active Directory processes.
(http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx)
