Vulnerabilities > CVE-2017-0021 - Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016

047910
CVSS 9.0 - CRITICAL
Attack vector
ADJACENT_NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
low complexity
microsoft
critical
nessus

Summary

Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V System Data Structure Vulnerability." This vulnerability is different from that described in CVE-2017-0095.

Vulnerable Configurations

Part Description Count
OS
Microsoft
2

Msbulletin

bulletin_idMS17-008
bulletin_url
date2017-03-14T00:00:00
impactRemote Code Execution
knowledgebase_id4013082
knowledgebase_url
severityCritical
titleSecurity Update for Windows Hyper-V

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS17-008.NASL
descriptionThe remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities : - Multiple remote code execution vulnerabilities exist due to improper validation of vSMB packets. An attacker on a guest operating system can exploit these vulnerabilities, via a specially crafted application, to execute arbitrary code on the host. (CVE-2017-0021, CVE-2017-0095) - Multiple denial of service vulnerabilities exist due to improper validation of input from a privileged user on a guest operating system. An attacker with a privileged account on a guest operating system can exploit these vulnerabilities, via a specially crafted application, to crash the host machine. (CVE-2017-0051, CVE-2017-0074, CVE-2017-0076, CVE-2017-0097, CVE-2017-0098, CVE-2017-0099) Note that customers who have not enabled the Hyper-V role are not affected.
last seen2020-06-01
modified2020-06-02
plugin id97745
published2017-03-15
reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/97745
titleMS17-008: Security Update for Windows Hyper-V (4013082)