PT-2016-1699 · Microsoft · Windows Hyper-V+4

Publicado

2016-04-12

·

Atualizado

2018-10-12

·

CVE-2016-0088

CVSS v3.1

9.3

Crítica

VetorAV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Microsoft Windows Hyper-V versions in Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10
Description The issue is related to inadequate access control in the Hyper-V hardware virtualization system, allowing a local attacker to execute arbitrary code using a specially crafted application. This can enable guest OS users to execute arbitrary code on the host OS. The vulnerability can be exploited by remote attackers to execute arbitrary code and affect the system.
Recommendations For Microsoft Windows Hyper-V in Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

BDU:2016-01025
CVE-2016-0088

Produtos afetados

Windows
Windows 10
Windows 8.1
Windows Hyper-V
Windows Server 2012