CVE-2017-0181

EUVD-2017-0548
A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10 or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0163, and CVE-2017-0180.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.6 HIGH
ADJACENT_NETWORK
HIGH
HIGH
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_10
*
microsoftwindows_8.1
*
microsoftwindows_server_2008
*
microsoftwindows_server_2012
*
microsoftwindows_server_2016
*
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64)
KB4015221
1511 (x64)
KB4015219
1607 (x64)
KB4015217
1703 (x64)
KB4015583
Windows Server 2016
Server Core
KB4015217
Standard
KB4015217
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/97445
http://www.securitytracker.com/id/1038233
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0181
http://www.securityfocus.com/bid/97445
http://www.securitytracker.com/id/1038233
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0181