CVE-2018-0885 — Improper Input Validation in Corporation Microsoft Hyper-v Network Switch

CWE-20 — Improper Input Validation5 documents4 sources

Severity

5.8MEDIUMNVD

EPSS

2.0%

top 16.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Hyper-v Network Switch Microsoft Windows 10 Microsoft Windows Server +15 more

Timeline

PublishedMar 14

Latest updateMay 14

Description

The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows a denial of service vulnerability due to how input from a privileged user on a guest operating system is validated, aka "Hyper-V Denial of Service Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:HExploitability: 1.3 | Impact: 4.0

Affected Packages17 packages

▶msrcmsrc/windows_server_2008_for_x64-based_systems_service_pack_2

▶msrcmsrc/windows_server_2008_r2_for_x64-based_systems_service_pack_1

▶msrcmsrc/windows_server_version_1709

▶NVDmicrosoft/windows_server1709

▶msrcmsrc/windows_server_2012

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-c8pr-9cmv-f72j: The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold,↗2022-05-14

▶

📋Vendor Advisories

Microsoft

Windows Hyper-V Denial of Service Vulnerability↗2018-03-13

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - March 2018↗2018-03-13

▶

Talos

Microsoft Patch Tuesday - March 2018↗2018-03-13

▶