Zer0Mem

**Name of the Vulnerable Software and Affected Versions** Windows SMBv2 (affected versions not specified) **Description** The issue is related to insecure privilege management in the Windows SMBv2 component, allowing a remote attacker to execute arbitrary code by sending a specially crafted packet to the SMBv2 server. This can be achieved through the exploitation of how the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests. The vulnerability enables remote attackers to execute arbitrary code and affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Hyper-V (affected versions not specified) **Description** The issue is related to an information disclosure problem. It occurs when Windows Hyper-V fails to properly validate input from an authenticated user on a guest operating system. This could allow an attacker to obtain sensitive information and affect the system's confidentiality. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Server 2012 R2 Windows RT 8.1 Windows Server 2012 Windows Server 2016 Windows 8.1 Windows 10 Windows 10 Servers **Description** A denial of service issue exists in the Microsoft Server Block Message (SMB) due to insufficient input validation. This allows an attacker to send specially crafted requests to the server, potentially causing a denial of service. The issue can be exploited by a remote attacker using specially formed SMB requests to the server. **Recommendations** For Windows Server 2012 R2, update to a version that includes the fix for this issue. For Windows RT 8.1, update to a version that includes the fix for this issue. For Windows Server 2012, update to a version that includes the fix for this issue. For Windows Server 2016, update to a version that includes the fix for this issue. For Windows 8.1, update to a version that includes the fix for this issue. For Windows 10, update to a version that includes the fix for this issue. For Windows 10 Servers, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the SMB protocol until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Hyper-V (affected versions not specified) **Description** The issue is caused by insufficient input validation in the network switch of Microsoft Hyper-V on Windows operating systems. It may allow an attacker to cause a denial-of-service of the host operating system from a guest operating system using a specially crafted application. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Hyper-V versions in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 **Description** The issue exists due to insufficient input validation from a privileged user in the guest operating system, allowing a remote attacker to execute arbitrary code. This can be exploited by a remote attacker to gain control over the system. **Recommendations** For Windows Hyper-V in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined. **Description** An elevation-of-privilege issue allows attackers to affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined. **Description** An elevation-of-privilege issue allows attackers to affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.8.7 **Description** The issue is related to the mishandling of unsuccessful crypto registration in conjunction with successful key-type registration. This can be exploited by local users to cause a denial of service, resulting in a NULL pointer dereference and panic, or possibly have other unspecified impacts. The exploitation is possible via a crafted application that uses the big key data type. **Recommendations** For Linux kernel versions prior to 4.8.7, update to version 4.8.7 or later to resolve the issue.