| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS10-009 | Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145) | Windows Server | Critical | 10-02-2010 |
Technical Information
Brief overview of the risk:
The vulnerability could allow denial of service if a malformed sequence of machine instructions is run by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to log on locally into a guest virtual machine to exploit this vulnerability.
Detailed Information on the risk:
A denial of service vulnerability exists in Hyper-V on Windows Server 2008 and Windows Server 2008 R2. The vulnerability is due to insufficient validation of specific sequences of machine instructions by Hyper-V. An attacker who successfully exploited this vulnerability could cause the affected Hyper-V system to stop responding. This would affect all virtual machines hosted by that system.
Further information on this exploit is available at : MS10-010
Affected Software
Windows Server 2008 for x64-based SystemsWindows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems