Kaspersky LabKLA11060KLA11060 Multiple vulnerabilities in Microsoft Windows Hyper-V
7.4 High
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:M/Au:S/C:C/I:C/A:C
7.6 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
7.4 High
AI Score
Confidence
High
0.008 Low
EPSS
Percentile
82.0%
Multiple serious vulnerabilities have been found in Microsoft Windows Hyper-V. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code and cause a denial of service.
Below is a complete list of vulnerabilities:
- Multiple vulnerabilities related to an improper validation of guest operating system network traffic in Windows Hyper-V Network Switch can be exploited remotely via a specially designed application to execute arbitrary code;
- Multiple vulnerabilities related to an improper validation of guest operating system user input in Windows Hyper-V Network Switch can be exploited remotely via a specially designed application to obtain sensitive information;
- Multiple vulnerabilities related to an incorrect validation of input from a privileged user on a guest operating system can be exploited remotely via a specially designed application to cause a denial of service;
- Multiple vulnerabilities related to an improper handling of an access from virtual machines to the Hyper-V Network Switch can be exploited remotely via a specially designed application to cause a denial of service.
Original advisories
Related products
CVE list
CVE-2017-0162 high
CVE-2017-0163 high
CVE-2017-0168 high
CVE-2017-0169 high
CVE-2017-0178 high
CVE-2017-0179 high
CVE-2017-0180 high
CVE-2017-0181 high
CVE-2017-0182 high
CVE-2017-0183 high
CVE-2017-0184 high
CVE-2017-0185 high
CVE-2017-0186 high
KB list
Solution
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Affected Products
- Microsoft Windows 8.1Microsoft Windows 10Microsoft Windows Server 2008 Service Pack 2Microsoft Windows Server 2008 R2 Service Pack 1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows Server 2016
References
support.microsoft.com/kb/3211308
support.microsoft.com/kb/3217841
support.microsoft.com/kb/4015217
support.microsoft.com/kb/4015219
support.microsoft.com/kb/4015221
support.microsoft.com/kb/4015546
support.microsoft.com/kb/4015547
support.microsoft.com/kb/4015548
support.microsoft.com/kb/4015549
support.microsoft.com/kb/4015550
support.microsoft.com/kb/4015551
support.microsoft.com/kb/4015583
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0162
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0162
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0163
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0163
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0168
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0168
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0169
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0169
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0178
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0178
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0179
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0179
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0180
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0180
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0181
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0181
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0182
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0182
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0183
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0183
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0184
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0184
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0185
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0185
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0186
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0186
statistics.securelist.com/
threats.kaspersky.com/en/product/Microsoft-Windows-10/
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Windows-RT/
Related
7.4 High
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:M/Au:S/C:C/I:C/A:C
7.6 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
7.4 High
AI Score
Confidence
High
0.008 Low
EPSS
Percentile
82.0%