CVE-2017-0021 - Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016 does not properly validate vSMB packet

CVE-2017-0021

Summary

Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V System Data Structure Vulnerability." This vulnerability is different from that described in CVE-2017-0095.

References

Vulnerable Configurations

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*

CVSS

Base:	7.7 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
ADJACENT_NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:A/AC:L/Au:S/C:C/I:C/A:C

msbulletin via4

bulletin_id	MS17-008
bulletin_url
date	2017-03-14T00:00:00
impact	Remote Code Execution
knowledgebase_id	4013082
knowledgebase_url
severity	Critical
title	Security Update for Windows Hyper-V

refmap via4

bid	96020
confirm	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0021
sectrack	1037999

Last major update

03-10-2019 - 00:03

Published

17-03-2017 - 00:59

Last modified

03-10-2019 - 00:03