PT-2015-2002 · Microsoft · Hyper-V+1

Published: 2015-09-08 · Updated: 2019-05-14 · CVE-2015-2534

CVSS v2.0: 1.9 (Low)

Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions
Microsoft Windows Hyper-V versions 8.1, 2012 R2, and 10

Description
The issue is related to errors in the code of the Hyper-V service in the Windows operating system. It allows a local attacker to bypass network-traffic restrictions using a specially crafted application that exploits errors in the processing of access control list (ACL) settings. This could cause Hyper-V to allow unintended network traffic. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations
For Microsoft Windows Hyper-V versions 8.1, 2012 R2, and 10, consider disabling the Hyper-V role until a patch is available to prevent exploitation. As a temporary workaround, restrict access to the ACL configuration settings to minimize the risk of exploitation. Avoid using specially crafted applications that could exploit the errors in ACL settings processing until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2015-11348
CVE-2015-2534

Affected Products

Hyper-V
Windows