Vulnerability identifier: #VU12499
Vulnerability risk: Medium
CVSSv3.1: 6.6 [CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
Windows
Operating systems & Components /
Operating system
Windows Server
Operating systems & Components /
Operating system
Vendor: Microsoft
Description
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to an input validation error when processing vSMB packet data. An attacker running inside a virtual machine could run a specially crafted application that could cause the Hyper-V host operating system to execute arbitrary code.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable host system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Windows: 10
Windows Server: 2016
External links
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0961
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.