KLA10975
Multiple vulnerabilities in Windows Hyper-V
Updated: 06/01/2019
Detect date
?
03/14/2017
Severity
?
Critical
Description

Multiple serious vulnerabilities have been found in Windows Hyper-V. Malicious users can exploit these vulnerabilities to cause a denial of service, execute arbitrary code and obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. Multiple validation errors of input from a privileged user on a guest operating system in Network Switch on a host server can be exploited remotely via a specially designed Office document to cause a denial of service;
  2. Several cases of improper validations of vSMB packet data on a host server can be exploited remotely via a specially designed application run inside a virtual machine to execute arbitrary code in the host operating system;
  3. An improper input validation of data received from an authenticated user on a guest operating system done on a host server can be exploited remotely via a specially designed application to execute arbitrary code on the host operating system;
  4. An unknown vulnerability can be exploited remotely via a specially designed application to obtain sensitive information from the host OS memory.
Affected products

Microsoft Windows 7 Service Pack 1
Microsoft Windows 8.1
Microsoft Windows 10
Microsoft Windows Server 2008 Service Pack 1
Microsoft Windows Server 2008 R2 Service Pack 1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

MS17-008
CVE-2017-0051
CVE-2017-0021
CVE-2017-0095
CVE-2017-0096
CVE-2017-0097
CVE-2017-0098
CVE-2017-0099
CVE-2017-0109
CVE-2017-0074
CVE-2017-0075
CVE-2017-0076

Impacts
?
ACE 
[?]

OSI 
[?]

DoS 
[?]

SB 
[?]

PE 
[?]
Related products
Microsoft Windows Server 2012
Microsoft Windows 8
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows 10
CVE-IDS
?
CVE-2017-00512.9Warning
CVE-2017-00217.7Critical
CVE-2017-00957.9Critical
CVE-2017-00962.3Warning
CVE-2017-00972.3Warning
CVE-2017-00982.9Warning
CVE-2017-00992.3Warning
CVE-2017-01097.4High
CVE-2017-00742.3Warning
CVE-2017-00757.4High
CVE-2017-00762.9Warning
Microsoft official advisories
Microsoft Security Update Guide
KB list

4012217
4012215
4012216
4012606
4013198
4013429
4013082
3211306
4012212
4012214
4012213