SB2017091218 - Multiple vulnerabilities in Microsoft Windows Hyper-V

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017091218

SB2017091218 - Multiple vulnerabilities in Microsoft Windows Hyper-V

Published: September 12, 2017

Security Bulletin ID SB2017091218
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Adjecent network
Highest impact Partial DoS

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 vulnerabilities.


1) Improper input validation (CVE-ID: CVE-2017-8704)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows an adjacent attacker to cause DoS condition on the host system.

The vulnerability exists in Microsoft Hyper-V Virtual PCI on a host server due to an improper input validation. An adjacent attacker can run a specially crafted application and cause a host machine to crash.

Successful exploitation of the vulnerability results in denial of service.


2) Information disclosure (CVE-ID: CVE-2017-8706)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows an adjacent attacker to obtain potential sensitive information on the host system.

The vulnerability exists in Microsoft Hyper-V on a host server due to an improper input validation. An adjacent attacker can run a specially crafted application and cause the Hyper-V host operating system to disclose memory information.


3) Information disclosure (CVE-ID: CVE-2017-8707)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows an adjacent attacker to obtain potential sensitive information on the host system.

The vulnerability exists in Microsoft Hyper-V on a host server due to an improper input validation. An adjacent attacker can run a specially crafted application and cause the Hyper-V host operating system to disclose memory information.


4) Information disclosure (CVE-ID: CVE-2017-8711)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows an adjacent attacker to obtain potential sensitive information on the host system.

The vulnerability exists in Microsoft Hyper-V on a host server due to an improper input validation. An adjacent attacker can run a specially crafted application and cause the Hyper-V host operating system to disclose memory information.


5) Information disclosure (CVE-ID: CVE-2017-8712)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows an adjacent attacker to obtain potential sensitive information on the host system.

The vulnerability exists in Microsoft Hyper-V on a host server due to an improper input validation. An adjacent attacker can run a specially crafted application and cause the Hyper-V host operating system to disclose memory information.


6) Information disclosure (CVE-ID: CVE-2017-8713)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows an adjacent attacker to obtain potential sensitive information on the host system.

The vulnerability exists in Microsoft Hyper-V on a host server due to an improper input validation. An adjacent attacker can run a specially crafted application and cause the Hyper-V host operating system to disclose memory information.


Remediation

Install update from vendor's website.

References