MS17-008: Security Update for Windows Hyper-V (4013082)

high Nessus Plugin ID 97745

Synopsis

The remote Windows host is affected multiple vulnerabilities.

Description

The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- Multiple remote code execution vulnerabilities exist due to improper validation of vSMB packets. An attacker on a guest operating system can exploit these vulnerabilities, via a specially crafted application, to execute arbitrary code on the host. (CVE-2017-0021, CVE-2017-0095)

- Multiple denial of service vulnerabilities exist due to improper validation of input from a privileged user on a guest operating system. An attacker with a privileged account on a guest operating system can exploit these vulnerabilities, via a specially crafted application, to crash the host machine. (CVE-2017-0051, CVE-2017-0074, CVE-2017-0076, CVE-2017-0097, CVE-2017-0098, CVE-2017-0099)

Note that customers who have not enabled the Hyper-V role are not affected.

Solution

Microsoft has released a set of patches for Windows 2008, 7, 2008 R2, 2012, 8.1, 2012 R2, 10 and 2016.

See Also

http://www.nessus.org/u?424a7a83

Plugin Details

Severity: High

ID: 97745

File Name: smb_nt_ms17-008.nasl

Version: 1.16

Type: local

Agent: windows

Published: 3/15/2017

Updated: 9/4/2020

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 7.9

Temporal Score: 5.8

Vector: CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2017-0095

CVSS v3

Risk Factor: High

Base Score: 7.6

Temporal Score: 6.6

Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 3/14/2017

Vulnerability Publication Date: 3/14/2017

Reference Information

CVE: CVE-2017-0021, CVE-2017-0051, CVE-2017-0074, CVE-2017-0075, CVE-2017-0076, CVE-2017-0095, CVE-2017-0096, CVE-2017-0097, CVE-2017-0098, CVE-2017-0099, CVE-2017-0109

BID: 96020, 96026, 96636, 96639, 96640, 96641, 96642, 96644, 96698, 96699, 96701

IAVA: 2017-A-0061

MSFT: MS17-008

MSKB: 3211306, 4012212, 4012213, 4012214, 4012215, 4012216, 4012217, 4012606, 4013198, 4013429