Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2017-0096: Hyper-V Information Disclosure Vulnerability

Free InsightVM Trial No Credit Card Necessary
Watch Demo See how it all works
Back to Search

Microsoft CVE-2017-0096: Hyper-V Information Disclosure Vulnerability

Severity
2
CVSS
(AV:A/AC:M/Au:S/C:P/I:N/A:N)
Published
03/14/2017
Created
07/25/2018
Added
03/14/2017
Modified
11/18/2021

Description

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. An attacker who successfully exploited the vulnerability could gain access to information on the Hyper-V host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.

Solution(s)

  • msft-kb3211306-20249a4f-bb0f-4c94-bf16-aab24e42cab3
  • msft-kb4012212-13c36c25-fee4-429f-933e-f93ebfbb91f5
  • msft-kb4012212-36e1591a-f6d3-44d2-aa25-540234b7eb36
  • msft-kb4012212-4ee6f09d-38d9-47ef-8ba9-dd802352b8ee
  • msft-kb4012212-652eea96-c2e8-4548-8f9a-40964e5e6a74
  • msft-kb4012212-c682d11d-fc2e-4852-9da7-c2198958bf6c
  • msft-kb4012212-fb31138f-b6a5-499c-9eb6-5b5f9fff6bfd
  • msft-kb4012213-317ca43c-7dfe-4e04-8a21-2c6c4ab4fbb9
  • msft-kb4012213-5d351df3-6efb-4b17-93e0-b0e3a5babbc3
  • msft-kb4012213-80bc2b42-a953-4096-8595-130e9a9c9fb9
  • msft-kb4012214-1949e6d5-95b0-4e90-acfb-73c9d295fbbf
  • msft-kb4012214-57dbd57f-89b2-4abb-8582-14fc17870bb8
  • msft-kb4012214-b4d71d8b-1f2d-4958-ad08-e379293d71e8
  • msft-kb4012606-384d5679-3c34-433f-8564-66fc5136a5e9
  • msft-kb4012606-6a38fe85-98ba-4ce2-b4eb-aed947d5c203
  • msft-kb4013198-477b54b9-913d-4c4e-8da8-01e0b4cf15ce
  • msft-kb4013198-6d9f75f7-d998-4188-a935-7603f4e51a4d
  • msft-kb4013429-724ee219-b949-4d44-9e02-e464c6062ae4
  • msft-kb4013429-74b1fe65-bd6b-4b76-a624-8674748898f2
  • msft-kb4013429-e29d1b22-493d-44dd-8857-7c6c7cb6d84c

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;