CVE-2017-8714

EUVD-2017-17660
The Windows Hyper-V component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2,, Windows 10 1607, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Remote Desktop Virtual Host Remote Code Execution Vulnerability".
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
HIGH
LOW
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_8.1
*
microsoftwindows_server_2012
-
microsoftwindows_server_2016
*
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
1607 (x64)
KB4038782
Windows 8.1
(x64)
KB4038793
Windows Server 2012
Server Core
KB4038799
Standard
KB4038799
Windows Server 2012 R2
Server Core
KB4038793
Standard
KB4038793
Windows Server 2016
Server Core
KB4038782
Standard
KB4038782
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/100797
http://www.securitytracker.com/id/1039341
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8714
http://www.securityfocus.com/bid/100797
http://www.securitytracker.com/id/1039341
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8714