Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2017-0193: Hypervisor Code Integrity Elevation of Privilege Vulnerability

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Microsoft CVE-2017-0193: Hypervisor Code Integrity Elevation of Privilege Vulnerability

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:P/A:P)

Published

06/13/2017

Created

07/25/2018

Added

06/13/2017

Modified

11/18/2021

Description

An elevation of privilege vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels. An attacker who successfully exploited this vulnerability could gain elevated privileges on a target guest operating system. The host operating system is not vulnerable to this attack. This vulnerability by itself does not allow arbitrary code to be run. However, the vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerability by correcting how privileges are enforced by Windows Hyper-V instruction emulation.

Solution(s)

msft-kb3217845-17ea9fd9-f649-4a9f-ad3e-d47a23b6003f
msft-kb4022714-63569ab7-c77a-4436-a691-ad182bf54b54
msft-kb4022714-a6c6864b-39ee-4a25-8c19-fdf5df77f49c
msft-kb4022715-5628b4c3-1451-4233-a111-f48f4eecac09
msft-kb4022715-8436b0ac-13c3-4047-9c60-e1fdba6cf918
msft-kb4022715-96c2ded2-ca08-466e-8d52-1f28a54d49d5
msft-kb4022717-1d805e7c-215a-4c96-8b39-3829bd2e02d0
msft-kb4022717-6abad12a-fc3f-4352-81f7-453e305f13ed
msft-kb4022717-7b6c010d-36ea-4bb4-9d06-9e44c1235690
msft-kb4022718-185fb91c-8006-4eeb-81f1-611113a80509
msft-kb4022718-5cc34e54-998c-4120-ba8a-d528309738f8
msft-kb4022718-8f05b935-4c68-4218-92fe-a734d28cc5e9
msft-kb4022722-0fff3ada-3205-441e-9f7f-f9e0198a32ce
msft-kb4022722-4182f860-3205-4b8d-bf9d-4b0b93f34adc
msft-kb4022722-61851a6d-1717-4861-801a-461e772cb312
msft-kb4022722-65224535-330e-42bd-8e35-824c878ec11a
msft-kb4022722-657cd92e-a4a3-4319-a954-52bedeef4cfc
msft-kb4022722-e181eaef-054e-4b52-a00f-503b91461f68
msft-kb4022727-378b3f68-8c1f-410f-b1ed-46c1608edf57
msft-kb4022727-7da82164-b5fd-4735-b187-087b2f0fd24f

References

https://attackerkb.com/topics/cve-2017-0193
CVE - 2017-0193
3217845
4022714
4022715
4022717
4022718
4022719
4022722
4022724
4022726
4022727

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2017-0193: Hypervisor Code Integrity Elevation of Privilege Vulnerability

Microsoft CVE-2017-0193: Hypervisor Code Integrity Elevation of Privilege Vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.