Denial of Service Vulnerability in Microsoft Hyper-V on Windows Platforms
CVE-2017-0178

5.4MEDIUM

Key Information:

Vendor: Microsoft
Status: Windows Hyper-v
Vendor: CVE Published:; 12 April 2017

Summary

A vulnerability exists in Microsoft Hyper-V that could allow a privileged user operating in a guest environment to execute a denial of service attack. This occurs due to improper input validation when receiving commands, potentially leading to the host server being unable to service requests. Users of Windows 10, Windows 10 versions 1511 and 1607, Windows 8.1, and server environments running Windows Server 2012 R2 and 2016 should be aware of this security issue.

Affected Version(s)

Windows Hyper-V Windows 10, Windows 10 1511, Windows 10 1607, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/97416

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 12, 2017
Vulnerability Reserved
Sep 9, 2016