<< Back
CVE Number Vulnerability Product Severity Date
MS10-009 Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145) Windows Server Critical 10-02-2010

Technical Information

Brief overview of the risk:
The vulnerability could allow denial of service if a malformed sequence of machine instructions is run by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to log on locally into a guest virtual machine to exploit this vulnerability.
Detailed Information on the risk:

A denial of service vulnerability exists in Hyper-V on Windows Server 2008 and Windows Server 2008 R2. The vulnerability is due to insufficient validation of specific sequences of machine instructions by Hyper-V. An attacker who successfully exploited this vulnerability could cause the affected Hyper-V system to stop responding. This would affect all virtual machines hosted by that system.

Further information on this exploit is available at : MS10-010

Affected Software

Windows Server 2008 for x64-based Systems
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems