Information Disclosure Vulnerability in Windows Hyper-V by Microsoft
CVE-2017-0169

5.4MEDIUM

Key Information:

Vendor
Microsoft
Status
Windows Hyper-v
Vendor
CVE Published:
12 April 2017

Summary

An information disclosure vulnerability arises when Windows Hyper-V, operating on Windows 8.1, Windows Server 2012, or Windows Server 2012 R2, inadequately validates input from authenticated users on guest operating systems. As a result, this flaw exposes sensitive information potentially exploited by malicious actors. Users of affected systems should implement the latest security updates to mitigate risks associated with this vulnerability.

Affected Version(s)

Windows Hyper-V Windows 8.1, Windows Server 2012, and Windows Server 2012 R2

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/97459
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038232
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.