Microsoft CVE-2017-0169: Hyper-V Information Disclosure Vulnerability
Description
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. An attacker who successfully exploited the vulnerability could gain access to information on the Hyper-V host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.
Solution(s)
- msft-kb4015547-79629e4e-67eb-438d-9420-17c673012731
- msft-kb4015547-e0e5d08f-8c2b-4dcf-a8c9-36eb7c174896
- msft-kb4015547-eb001e30-98fe-4874-a0c9-436635649fdd
- msft-kb4015548-31ca69ca-ca73-4405-860b-037051bd1984
- msft-kb4015548-72db1a7d-338c-4903-9869-9fd8258b643a
- msft-kb4015548-d1986d38-72dd-4e1a-877e-70a3f77f7802
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center