Vulnerabilities > CVE-2017-0021 - Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016
Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V System Data Structure Vulnerability." This vulnerability is different from that described in CVE-2017-0095.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 2 |
Msbulletin
bulletin_id | MS17-008 |
bulletin_url | |
date | 2017-03-14T00:00:00 |
impact | Remote Code Execution |
knowledgebase_id | 4013082 |
knowledgebase_url | |
severity | Critical |
title | Security Update for Windows Hyper-V |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS17-008.NASL |
description | The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities : - Multiple remote code execution vulnerabilities exist due to improper validation of vSMB packets. An attacker on a guest operating system can exploit these vulnerabilities, via a specially crafted application, to execute arbitrary code on the host. (CVE-2017-0021, CVE-2017-0095) - Multiple denial of service vulnerabilities exist due to improper validation of input from a privileged user on a guest operating system. An attacker with a privileged account on a guest operating system can exploit these vulnerabilities, via a specially crafted application, to crash the host machine. (CVE-2017-0051, CVE-2017-0074, CVE-2017-0076, CVE-2017-0097, CVE-2017-0098, CVE-2017-0099) Note that customers who have not enabled the Hyper-V role are not affected. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 97745 |
published | 2017-03-15 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/97745 |
title | MS17-008: Security Update for Windows Hyper-V (4013082) |
References
- http://www.securityfocus.com/bid/96020
- http://www.securityfocus.com/bid/96020
- http://www.securitytracker.com/id/1037999
- http://www.securitytracker.com/id/1037999
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0021
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0021