Remote Code Execution Vulnerability in Windows Hyper-V Network Switch by Microsoft
CVE-2017-0162

7.6HIGH

Key Information:

Vendor
Microsoft
Status
Windows Hyper-v
Vendor
CVE Published:
12 April 2017

Summary

A remote code execution vulnerability exists in the Windows Hyper-V Network Switch due to improper validation of input from authenticated users on guest operating systems. This flaw allows an attacker to execute arbitrary code on the host server running vulnerable versions of Windows. It highlights the importance of ensuring robust input validation in virtualization environments to mitigate potential risks.

Affected Version(s)

Windows Hyper-V Windows 10, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/97461
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038233
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.