KLA11060
Multiple vulnerabilities in Microsoft Windows Hyper-V

Обновлено: 03/06/2020
Дата обнаружения
11/04/2017
Уровень угрозы
Critical
Описание

Multiple serious vulnerabilities have been found in Microsoft Windows Hyper-V. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code and cause a denial of service.

Below is a complete list of vulnerabilities:

  1. Multiple vulnerabilities related to an improper validation of guest operating system network traffic in Windows Hyper-V Network Switch can be exploited remotely via a specially designed application to execute arbitrary code;
  2. Multiple vulnerabilities related to an improper validation of guest operating system user input in Windows Hyper-V Network Switch can be exploited remotely via a specially designed application to obtain sensitive information;
  3. Multiple vulnerabilities related to an incorrect validation of input from a privileged user on a guest operating system can be exploited remotely via a specially designed application to cause a denial of service;
  4. Multiple vulnerabilities related to an improper handling of an access from virtual machines to the Hyper-V Network Switch can be exploited remotely via a specially designed application to cause a denial of service.
Пораженные продукты

Microsoft Windows 8.1
Microsoft Windows 10
Microsoft Windows Server 2008 Service Pack 2
Microsoft Windows Server 2008 R2 Service Pack 1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2017-0179
CVE-2017-0178
CVE-2017-0186
CVE-2017-0162
CVE-2017-0163
CVE-2017-0182
CVE-2017-0185
CVE-2017-0184
CVE-2017-0183
CVE-2017-0168
CVE-2017-0169
CVE-2017-0180
CVE-2017-0181
CVE-2017-0162
CVE-2017-0163
CVE-2017-0168
CVE-2017-0169
CVE-2017-0178
CVE-2017-0179
CVE-2017-0180
CVE-2017-0181
CVE-2017-0182
CVE-2017-0183
CVE-2017-0184
CVE-2017-0185
CVE-2017-0186
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]

DoS 
[?]
Связанные продукты
Microsoft Windows Server 2012
Microsoft Windows 7
Microsoft Windows Server 2008
Windows RT
Microsoft Windows 10
CVE-IDS