CVE-2017-0212 — Improper Input Validation in Corporation Microsoft Hyper-v

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.6HIGHNVD

EPSS

0.4%

top 42.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Hyper-v Microsoft Windows 10 Msrc Windows 10 FOR X64-based Systems +4 more

Timeline

PublishedMay 12

Latest updateMay 13

Description

Windows Hyper-V allows an elevation of privilege vulnerability when Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 fail to properly validate vSMB packet data, aka "Windows Hyper-V vSMB Elevation of Privilege Vulnerability".

CVSS vector

CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.0 | Impact: 6.0

Affected Packages7 packages

▶msrcmsrc/windows_server_2016

▶NVDmicrosoft/windows_101511, 1607, 1703+2

▶msrcmsrc/windows_10_version_1511_for_x64-based_systems

▶msrcmsrc/windows_10_version_1607_for_x64-based_systems

▶msrcmsrc/windows_10_version_1703_for_x64-based_systems

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-5ffp-cccf-fpvh: Windows Hyper-V allows an elevation of privilege vulnerability when Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 fail to p↗2022-05-13

▶

📋Vendor Advisories

Microsoft

Windows Hyper-V vSMB Elevation of Privilege Vulnerability↗2017-05-09

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - May 2017↗2017-05-10

▶