Описание
Windows TCP/IP Remote Code Execution Vulnerability
FAQ
How could an attacker exploit this vulnerability?
This vulnerability is remotely triggerable by a malicious Hyper-V guest that sends an ipv6 ping to the Hyper-V host. An attacker could send a specially crafted TCPIP packet to its host utilizing the TCPIP Protocol Stack (tcpip.sys) to process packets.
Is this attack specific to Hyper-V or applicable to all hypervisor technologies?
This attack is specific to Hyper-V. Systems that do not have Hyper-V installed are not at risk.
Will disabling IPV6 mitigate this vulnerability?
Yes. Disabling IPV6 will block the threat vector. See Guidance for configuring IPv6 in Windows for advanced users for instructions for disabling IPV6.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Windows Server 2008 for 32-bit Systems Service Pack 2 | ||
| Windows Server 2008 for x64-based Systems Service Pack 2 | ||
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | ||
| Windows 7 for 32-bit Systems Service Pack 1 | ||
| Windows 7 for x64-based Systems Service Pack 1 | ||
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | ||
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | ||
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | ||
| Windows Server 2012 | ||
| Windows Server 2012 (Server Core installation) |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
9.9 Critical
CVSS3
Связанные уязвимости
Windows TCP/IP Remote Code Execution Vulnerability
Уязвимость реализации протоколов TCP/IP системы виртуализации Hyper-V в операционной системе Windows, позволяющая нарушителю выполнить произвольный код
EPSS
9.9 Critical
CVSS3