==================================================================== CERT-Renater Note d'Information No. 2015/VULN146 _____________________________________________________________________ DATE : 15/07/2015 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Windows versions Server 2008, Server 2012, 8, 8.1 running Windows Hyper-V. ====================================================================== KB3072000 https://technet.microsoft.com/en-us/library/security/MS15-068 ______________________________________________________________________ Microsoft Security Bulletin MS15-068: Vulnerabilities in Windows Hyper-V Could Allow Remote Code Execution (3072000) Bulletin Number: MS15-068 Bulletin Title: Vulnerabilities in Windows Hyper-V Could Allow Remote Code Execution Severity: Critical KB Article: 3072000 Version: 1.0 Published Date: July 14, 2015 Executive Summary This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution in a host context if a specially crafted application is run by an authenticated and privileged user on a guest virtual machine hosted by Hyper-V. An an attacker must have valid logon credentials for a guest virtual machine to exploit this vulnerability. This security update is rated Critical for Windows Hyper-V on Windows Server 2008, Windows Server 2008 R2, Windows 8 and Windows Server 2012, and Windows 8.1 and Windows Server 2012 R2. For more information, see the Affected Software section. Affected Software Windows Server 2008 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 R2 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows 8 and Windows 8.1 Windows 8 for x64-based Systems Windows 8.1 for x64-based Systems Windows Server 2012 and Windows Server 2012 R2 Windows Server 2012 Windows Server 2012 R2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 (Server Core installation) Windows Server 2012 R2 (Server Core installation) Vulnerability Information Hyper-V Buffer Overflow Vulnerability - CVE-2015-2361 A remote code execution vulnerability exists in Windows Hyper-V in a host context if an authenticated and privileged user on a guest virtual machine hosted by Hyper-V runs a specially crafted application. To exploit this vulnerability, an attacker must have valid logon credentials for a guest virtual machine. Systems where Windows Hyper-V is installed are primarily at risk. The security update addresses the vulnerability by correcting how Hyper-V handles packet size memory initialization in guest virtual machines. Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was originally issued Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers. Hyper-V System Data Structure Vulnerability - CVE-2015-2362 A remote code execution vulnerability exists in Windows Hyper-V in a host context if an authenticated and privileged user on a guest virtual machine hosted by Hyper-V runs a specially crafted application. To exploit this vulnerability, an attacker must have valid logon credentials for a guest virtual machine. Systems where Windows Hyper-V is installed are primarily at risk. The security update addresses the vulnerability by correcting how Hyper-V initializes system data structures in guest virtual machines. Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was originally issued Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers. ========================================================= Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================