<< Back
CVE Number Vulnerability Product Severity Date
MS11-047 Vulnerability in Hyper-V Could Allow Denial of Service (2525835) Windows Server Critical 15-06-2011

Technical Information

Brief overview of the risk:
This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to send specially crafted content from a guest virtual machine to exploit this vulnerability.
Detailed Information on the risk:

A denial of service vulnerability exists in Hyper-V on Windows Server 2008 and Windows Server 2008 R2. The vulnerability is due to Hyper-V servers insufficiently validating specific sequences of machine instructions. An attacker who successfully exploited this vulnerability could cause the affected Hyper-V system to stop responding. This would affect all virtual machines hosted by that system.

Further information on this exploit is available at : MS11-047

Affected Software

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*
Windows Server 2008 R2 for x64-based Systems*
Windows Server 2008 R2 for x64-based Systems*