Windows Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to gain elevated privileges on a target guest operating system when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka Hypervisor Code Integrity Elevation of Privilege Vulnerability.
Weakness
The product does not handle or incorrectly handles an exceptional condition.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Windows_10 | Microsoft | * | * |
| Windows_10 | Microsoft | 1511 (including) | 1511 (including) |
| Windows_10 | Microsoft | 1607 (including) | 1607 (including) |
| Windows_10 | Microsoft | 1703 (including) | 1703 (including) |
| Windows_7 | Microsoft | –sp1 (including) | –sp1 (including) |
| Windows_8.1 | Microsoft | * | * |
| Windows_8.1 | Microsoft | rt (including) | rt (including) |
| Windows_server_2008 | Microsoft | –sp2 (including) | –sp2 (including) |
| Windows_server_2008 | Microsoft | r2-sp1 (including) | r2-sp1 (including) |
| Windows_server_2012 | Microsoft | - (including) | - (including) |
| Windows_server_2012 | Microsoft | r2 (including) | r2 (including) |
| Windows_server_2016 | Microsoft | - (including) | - (including) |
References
- http://www.securityfocus.com/bid/98878
- http://www.securitytracker.com/id/1038670
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0193
- http://www.securityfocus.com/bid/98878
- http://www.securitytracker.com/id/1038670
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0193