Vulnerability Protection

Vulnerabilities in Windows Hyper-V Could Allow Remote Code Execution

Details

Report ID:

MS20170303

Date Published:

15 March 2017

Date Revised:

Criticality:

Critical

Compromise Type:

Remote code execution, denial of service, information disclosure

Compromise From:

Remote

Affected Product/Component:

Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 8.1
Windows Server 2012 and Windows Server 2012 R2
Windows 10
Windows Server 2016

Summary

WIndows Hyper-V was affected by eleven reported vulnerabilities that could be exploited into allowing remote code execution, denial of service, and information disclosure. 

Detailed Description

Windows Hyper-V was affected by a total of eleven vulnerabilities, six of which could lead to denial of service, four could lead to remote code execution, and one could lead to information disclosure. These vulnerabilities were caused by improper validation of input from an authenticated user and improper validation of vSMB packet data. All issues have been resolved in the latest update through corrective modifications and fixes. 

CVE Reference

CVE-2017-0021, CVE-2017-0051, CVE-2017-0074, CVE-2017-0075, CVE-2017-0076, CVE-2017-0095, CVE-2017-0096, CVE-2017-0097, CVE-2017-0098, CVE-2017-0099, CVE-2017-0109

Solution

Install the latest security patch for applicable system, available for download from https://technet.microsoft.com/en-us/library/security/ms17-008

Source

Microsoft Security Bulletin MS17-008