CVE-2017-8714 — Improper Input Validation in Corporation Windows Hyper-v

CWE-20 — Improper Input Validation5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.8%

top 26.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

8

Microsoft Corporation Windows Hyper-v Microsoft Windows 10 Microsoft Windows Server 2012 +5 more

Timeline

PublishedSep 13

Latest updateMay 17

Description

The Windows Hyper-V component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2,, Windows 10 1607, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Remote Desktop Virtual Host Remote Code Execution Vulnerability".

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.1 | Impact: 6.0

Affected Packages8 packages

▶msrcmsrc/windows_server_2012

▶msrcmsrc/windows_server_2016

▶msrcmsrc/windows_server_2012_r2

▶CVEListV5microsoft_corporation/windows_hyper-vMicrosoft Windows 8.1, Windows Server 2012 Gold and R2,, Windows 10 1607, and Windows Server 2016

▶msrcmsrc/windows_10_version_1607_for_x64-based_systems

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

1

GHSA

GHSA-24xv-qrr3-8vjf: The Windows Hyper-V component on Microsoft Windows 8↗2022-05-17

▶

📋Vendor Advisories

1

Microsoft

Remote Desktop Virtual Host Remote Code Execution Vulnerability↗2017-09-12

▶

🕵️Threat Intelligence

1

Talos

Microsoft Patch Tuesday - September 2017↗2017-09-12

▶

📄Research Papers

1

arXiv

Heuristic Approach Towards Countermeasure Selection using Attack Graphs↗2019-06-26

▶