MS17-008 - K7 Labs

<< Back

CVE Number	Vulnerability	Product	Severity	Date
MS17-008	Security Update for Windows Hyper-V (4013082)	Windows Vista	Critical	15-03-2017

Technical Information

Brief overview of the risk:
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.

Detailed Information on the risk:

Multiple denial of service vulnerabilities exist when the Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit these vulnerabilities, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash.

Further information on this exploit is available at : MS17-008

Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 8.1 for x64-based Systems
Windows Server 2012
Windows 10 for x64-based Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016 for x64-based Systems
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems Service Pack 1

Technical Information

Affected Software