Vulnerabilities > CVE-2017-0075 - Unspecified vulnerability in Microsoft products
Attack vector
ADJACENT_NETWORK Attack complexity
HIGH Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0109.
Vulnerable Configurations
Msbulletin
bulletin_id | MS17-008 |
bulletin_url | |
date | 2017-03-14T00:00:00 |
impact | Remote Code Execution |
knowledgebase_id | 4013082 |
knowledgebase_url | |
severity | Critical |
title | Security Update for Windows Hyper-V |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS17-008.NASL |
description | The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities : - Multiple remote code execution vulnerabilities exist due to improper validation of vSMB packets. An attacker on a guest operating system can exploit these vulnerabilities, via a specially crafted application, to execute arbitrary code on the host. (CVE-2017-0021, CVE-2017-0095) - Multiple denial of service vulnerabilities exist due to improper validation of input from a privileged user on a guest operating system. An attacker with a privileged account on a guest operating system can exploit these vulnerabilities, via a specially crafted application, to crash the host machine. (CVE-2017-0051, CVE-2017-0074, CVE-2017-0076, CVE-2017-0097, CVE-2017-0098, CVE-2017-0099) Note that customers who have not enabled the Hyper-V role are not affected. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 97745 |
published | 2017-03-15 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/97745 |
title | MS17-008: Security Update for Windows Hyper-V (4013082) |
References
- http://www.securityfocus.com/bid/96698
- http://www.securityfocus.com/bid/96698
- http://www.securitytracker.com/id/1037999
- http://www.securitytracker.com/id/1037999
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0075
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0075