CVE-2017-8623 — Improper Input Validation in Corporation Windows Hyper-v

CWE-20 — Improper Input Validation5 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

1.5%

top 18.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Windows Hyper-v Microsoft Windows 10 Msrc Windows 10 Version 1607 FOR X64-based Systems +2 more

Timeline

PublishedAug 8

Latest updateMay 17

Description

Windows Hyper-V in Windows 10 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:HExploitability: 2.3 | Impact: 4.0

Affected Packages5 packages

▶msrcmsrc/windows_server_2016

▶CVEListV5microsoft_corporation/windows_hyper-vWindows 10 1607, 1703, and Windows Server 2016

▶msrcmsrc/windows_10_version_1607_for_x64-based_systems

▶msrcmsrc/windows_10_version_1703_for_x64-based_systems

▶NVDmicrosoft/windows_101607, 1703+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-489m-whxp-jmqr: Windows Hyper-V in Windows 10 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input fr↗2022-05-17

▶

📋Vendor Advisories

Microsoft

Windows Hyper-V Denial of Service Vulnerability↗2017-08-08

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - August 2017↗2017-08-08

▶

Talos

Microsoft Patch Tuesday - August 2017↗2017-08-08

▶