MS17-008: Security Update for Windows Hyper-V (4013082)
High Nessus Plugin ID 97745
SynopsisThe remote Windows host is affected multiple vulnerabilities.
DescriptionThe remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple remote code execution vulnerabilities exist due to improper validation of vSMB packets. An attacker on a guest operating system can exploit these vulnerabilities, via a specially crafted application, to execute arbitrary code on the host. (CVE-2017-0021, CVE-2017-0095)
- Multiple denial of service vulnerabilities exist due to improper validation of input from a privileged user on a guest operating system. An attacker with a privileged account on a guest operating system can exploit these vulnerabilities, via a specially crafted application, to crash the host machine. (CVE-2017-0051, CVE-2017-0074, CVE-2017-0076, CVE-2017-0097, CVE-2017-0098, CVE-2017-0099)
Note that customers who have not enabled the Hyper-V role are not affected.
SolutionMicrosoft has released a set of patches for Windows 2008, 7, 2008 R2, 2012, 8.1, 2012 R2, 10 and 2016.