-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.0659
    MS17-008 - Critical: Security Update for Windows Hyper-V (4013082)
                               15 March 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Windows Hyper-V
Publisher:         Microsoft
Operating System:  Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
                   Access Confidential Data        -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-0109 CVE-2017-0099 CVE-2017-0098
                   CVE-2017-0097 CVE-2017-0096 CVE-2017-0095
                   CVE-2017-0076 CVE-2017-0075 CVE-2017-0074
                   CVE-2017-0051 CVE-2017-0021

Original Bulletin:
   https://technet.microsoft.com/en-us/library/security/MS17-008

- --------------------------BEGIN INCLUDED TEXT--------------------

Microsoft Security Bulletin MS17-008: Security Update for Windows Hyper-V
(4013082)

Bulletin Number: MS17-008
Bulletin Title: Security Update for Windows Hyper-V
Severity: Critical
KB Article: 4013082
Version: 1.0
Published Date: 14/03/2017

Executive Summary

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.

This security update is rated Critical for all supported editions of Windows. For more information, see the Affected Software section.

The security update addresses the vulnerabilities by correcting how Hyper-V validates guest operating system user input. For more information about the vulnerabilities, see the Vulnerability Information section.
For more information about this update, see Microsoft Knowledge Base Article 4013082.

Affected Software

Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 8.1
Windows Server 2012
Windows Server 2012 R2
Windows 10
Windows Server 2016

Update FAQ

I do not have Hyper-V enabled, why am I being offered this update?

The vulnerable code exists in the affected software that is listed in the affected software table. As a defense-in-depth measure, and to ensure that systems are protected if Hyper-V is enabled, the update is applicable to all supported products and versions that contain the vulnerable code.

Vulnerability Information

Multiple Hyper-V Denial of Service Vulnerabilities

Multiple denial of service vulnerabilities exist when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system.

To exploit these vulnerabilities, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash.

The security update addresses these vulnerabilities by preventing out-of-bound memory access.

Mitigating Factors

The following mitigating factors may be helpful in your situation:

Customers who have not enabled the Hyper-V role are not affected.

Workarounds

Microsoft has not identified any workarounds for these vulnerabilities.

Multiple Hyper-V vSMB Remote Code Execution Vulnerabilities

Multiple remote code execution vulnerabilities exist when Windows Hyper-V on a host server fails to properly validate vSMB packet data. An attacker who successfully exploited these vulnerabilities could execute arbitrary code on a target operating system.
To exploit these vulnerabilities, an attacker running inside a virtual machine could run a specially crafted application that could cause the Hyper-V host operating system to execute arbitrary code.

The update addresses the vulnerabilities by correcting how Windows Hyper-V validates vSMB packet data.

Mitigating Factors

The following mitigating factors may be helpful in your situation:

Customers who have not enabled the Hyper-V role are not affected.

Workarounds

Microsoft has not identified any workarounds for these vulnerabilities.

Multiple Hyper-V Remote Code Execution Vulnerabilities

Multiple remote code execution vulnerabilities exist when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system.

To exploit these vulnerabilities, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited these vulnerabilities could execute arbitrary code on the host operating system.

The security update addresses these vulnerabilities by correcting how Hyper-V validates guest operating system user input.

Mitigating Factors

The following mitigating factors may be helpful in your situation:

Customers who have not enabled the Hyper-V role are not affected.

Workarounds

Microsoft has not identified any workarounds for these vulnerabilities.

Hyper-V Information Disclosure Vulnerability CVE-2017-0096

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.

To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information.
An attacker who successfully exploited the vulnerability could gain access to information on the Hyper-V host operating system.

The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.

Mitigating Factors

The following mitigating factors may be helpful in your situation:

Customers who have not enabled the Hyper-V role are not affected.

Workarounds

Microsoft has not identified any workarounds for this vulnerability.

Security Update Deployment

For Security Update Deployment information, see the Microsoft Knowledge Base article referenced here in the Executive Summary.

Acknowledgments

Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure. See Acknowledgments for more information.

Disclaimer

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager.
If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----