Main Vulnerability Database SB20170314141

SB20170314141 - Hyper-V Denial of Service Vulnerability

Published: March 14, 2017

Security Bulletin ID SB20170314141

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Out-of-bounds memory access (CVE-ID: CVE-2017-0099)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker with privileged access to guest operating system to perform a denial of service (DoS) attack.

The vulnerability exists due to out-of-bounds memory access in Microsoft Hyper-V Network Switch. An attacker with privileged access to guest operating system can use a specially crafted application to trigger out-of-bounds memory access and cause the host machine to crash.

Successful exploitation of this vulnerability may result denial of service attack again the host system.

Remediation

Install update from vendor's website.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0099