Multiple vulnerabilities in Microsoft Windows Hyper-V

Published: 2017-09-12 22:09:49
Severity Low
Patch available YES
Number of vulnerabilities 6
CVSSv2 2.4 (AV:A/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
2.4 (AV:A/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.5 (AV:A/AC:L/Au:N/C:P/I:N/A:P/E:U/RL:OF/RC:C)
2.4 (AV:A/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
2.4 (AV:A/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
2.4 (AV:A/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
CVSSv3 3.6 [CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
3.6 [CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
3.6 [CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
3.6 [CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
3.6 [CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
3.6 [CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE ID CVE-2017-8704
CVE-2017-8706
CVE-2017-8707
CVE-2017-8711
CVE-2017-8712
CVE-2017-8713
CWE ID CWE-20
CWE-200
Exploitation vector Local network
Public exploit Not available
Vulnerable software Windows
Windows Server
Vulnerable software versions Windows 10
Windows 8.1
Windows Server 2016
Windows Server 2012 R2
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Vendor URL Microsoft
Advisory type Public

Security Advisory

1) Improper input validation

Description

The vulnerability allows an adjacent attacker to cause DoS condition on the host system.

The vulnerability exists in Microsoft Hyper-V Virtual PCI on a host server due to an improper input validation. An adjacent attacker can run a specially crafted application and cause a host machine to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8704

2) Information disclosure

Description

The vulnerability allows an adjacent attacker to obtain potential sensitive information on the host system.

The vulnerability exists in Microsoft Hyper-V on a host server due to an improper input validation. An adjacent attacker can run a specially crafted application and cause the Hyper-V host operating system to disclose memory information.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8706

3) Information disclosure

Description

The vulnerability allows an adjacent attacker to obtain potential sensitive information on the host system.

The vulnerability exists in Microsoft Hyper-V on a host server due to an improper input validation. An adjacent attacker can run a specially crafted application and cause the Hyper-V host operating system to disclose memory information.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8707

4) Information disclosure

Description

The vulnerability allows an adjacent attacker to obtain potential sensitive information on the host system.

The vulnerability exists in Microsoft Hyper-V on a host server due to an improper input validation. An adjacent attacker can run a specially crafted application and cause the Hyper-V host operating system to disclose memory information.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8711

5) Information disclosure

Description

The vulnerability allows an adjacent attacker to obtain potential sensitive information on the host system.

The vulnerability exists in Microsoft Hyper-V on a host server due to an improper input validation. An adjacent attacker can run a specially crafted application and cause the Hyper-V host operating system to disclose memory information.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8712

6) Information disclosure

Description

The vulnerability allows an adjacent attacker to obtain potential sensitive information on the host system.

The vulnerability exists in Microsoft Hyper-V on a host server due to an improper input validation. An adjacent attacker can run a specially crafted application and cause the Hyper-V host operating system to disclose memory information.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8713

Back to List