Multiple vulnerabilities in Microsoft Hyper-V

Published: 2018-03-13 22:50:55
Severity: Low
Patch available: YES
Number of vulnerabilities: 2
CVE ID: CVE-2018-0885, CVE-2018-0888
CVSSv3:
  6.4 [CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
  3.8 [CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CWE ID: CWE-20, CWE-200
Exploitation vector: Local network
Public exploit: N/A
Vulnerable software: Windows, Windows Server
Vulnerable software versions: Windows 8.1, Windows 10, Windows RT 8.1, Windows 7, Windows Server 2012, Windows Server 2012 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2016
Vendor URL: Microsoft

Security Advisory

1) Improper input validation

Description

The vulnerability allows an adjacent attacker to cause a denial-of-service (DoS) condition on the target system.

The weakness exists in the Microsoft Hyper-V Network Switch on a host server due to insufficient input validation. An adjacent attacker can run a specially crafted application and cause the host machine to crash.

Remediation

Install updates from the vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0885

2) Information disclosure

Description

The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.

The weakness exists in Microsoft Hyper-V Network on a host operating system due to insufficient input validation. An adjacent attacker can run a specially crafted application and gain access to arbitrary data.

Remediation

Install updates from the vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0888
