Remote Code Execution Vulnerability in Windows Hyper-V by Microsoft
CVE-2017-8714

7.8HIGH

Key Information:

Vendor
Microsoft
Status
Windows Hyper-v
Vendor
CVE Published:
12 September 2017

Summary

A vulnerability in the Windows Hyper-V component allows attackers to execute remote code due to improper validation of input from authenticated users in guest operating systems. This flaw affects multiple versions of Microsoft Windows, enabling unauthorized access and potential control over the affected systems. It is crucial for users to apply necessary security patches to mitigate the risks associated with this vulnerability.

Affected Version(s)

Windows Hyper-V Microsoft Windows 8.1, Windows Server 2012 Gold and R2,, Windows 10 1607, and Windows Server 2016

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039341
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/100797
vdb-entryx_refsource_BID

EPSS Score

17% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.