Описание
Windows Hyper-V Remote Code Execution Vulnerability
FAQ
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to execute code on the Hyper-V host execution environment.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
How could an attacker exploit this vulnerability?
To exploit this vulnerability, an attacker could run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Windows 7 for x64-based Systems Service Pack 1 | ||
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | ||
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | ||
| Windows Server 2012 | ||
| Windows Server 2012 (Server Core installation) | ||
| Windows 8.1 for x64-based systems | ||
| Windows Server 2012 R2 | ||
| Windows Server 2012 R2 (Server Core installation) | ||
| Windows 10 for x64-based Systems | ||
| Windows Server 2016 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
8.5 High
CVSS3
Связанные уязвимости
Windows Hyper-V Remote Code Execution Vulnerability.
Уязвимость системы аппаратной виртуализации Hyper-V операционных систем Microsoft Windows, позволяющая нарушителю выполнить произвольный код
EPSS
8.5 High
CVSS3