CVE-2017-0076 : Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server

Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0074, CVE-2017-0097, and CVE-2017-0099.

Published 2017-03-17 00:59:02

Updated 2017-07-17 13:18:09

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Input validationDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2017-0076

Probability of exploitation activity in the next 30 days: 0.05%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 18 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-0076

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.9	LOW	AV:A/AC:M/Au:N/C:N/I:N/A:P	5.5	2.9	NIST
Access Vector: Adjacent Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.4	MEDIUM	CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H	1.0	4.0	NIST
Attack Vector: Adjacent Network Attack Complexity: High Privileges Required: High User Interaction: None Scope: Changed Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2017-0076

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-0076

http://www.securityfocus.com/bid/96636

Microsoft Windows Hyper-V CVE-2017-0076 Remote Denial of Service Vulnerability
Third Party Advisory;VDB Entry
http://www.securitytracker.com/id/1037999

Microsoft Hyper-V Bugs Let Local Guest System Users Obtain Potentially Sensitive Information, Deny Service, and Gain Privileges on the Host System - SecurityTracker

CVEs referencing this url
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0076

CVE-2017-0076 | Hyper-V Denial of Service Vulnerability
Patch;Vendor Advisory

Products affected by CVE-2017-0076

Microsoft » Windows Vista » Update SP2
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Update SP2
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: R2
cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 7 » Update SP1
cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: R2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 8.1
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10
cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1511
cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1607
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2017-0076

Exploit prediction scoring system (EPSS) score for CVE-2017-0076

CVSS scores for CVE-2017-0076

CWE ids for CVE-2017-0076

References for CVE-2017-0076

Products affected by CVE-2017-0076