CVE-2017-0193

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Windows Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to gain elevated privileges on a target guest operating system when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka "Hypervisor Code Integrity Elevation of Privilege Vulnerability".

References

http://www.securityfocus.com/bid/98878

http://www.securitytracker.com/id/1038670

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0193

Details

Source: MITRE

Published: 2017-06-15

Updated: 2019-10-03

Type: CWE-755

Risk Information

CVSS v2

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Tenable Plugins

View all (7 total)

IDNameProductFamilySeverity
100786Windows 2008 June 2017 Multiple Security UpdatesNessusWindows : Microsoft Bulletins
critical
100765KB4022727: Windows 10 Version 1507 June 2017 Cumulative UpdateNessusWindows : Microsoft Bulletins
critical
100764Windows 8.1 and Windows Server 2012 R2 June 2017 Security UpdatesNessusWindows : Microsoft Bulletins
critical
100762Windows Server 2012 June 2017 Security UpdatesNessusWindows : Microsoft Bulletins
critical
100761Windows 7 and Windows Server 2008 R2 June 2017 Security UpdatesNessusWindows : Microsoft Bulletins
critical
100760KB4022715: Windows 10 Version 1607 and Windows Server 2016 June 2017 Cumulative UpdateNessusWindows : Microsoft Bulletins
critical
100759KB4022714: Windows 10 Version 1511 June 2017 Cumulative UpdateNessusWindows : Microsoft Bulletins
critical