Executive Summary
Summary | |
---|---|
Title | Microsoft Security Advisory 3108638 |
Informations | |||
---|---|---|---|
Name | KB3108638 | First vendor Publication | 2015-11-10 |
Vendor | Microsoft | Last vendor Modification | 1970-01-01 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 4.9 | Attack Range | Local |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Microsoft Security Advisory 3108638Update for Windows Hyper-V to Address CPU WeaknessPublished: November 10, 2015 Version: 1.0
|
CVE References | CVE-2015-5307 |
Microsoft Knowledge Base Article | 3108638 |
Publicly Disclosed | No |
Active Attack | No |
Affected Software
The following software versions or editions are affected. Versions or editions that are not listed are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle.
Operating System | Security Impact | Severity Rating | Updates Replaced |
Windows Server 2008 | |||
Windows Server 2008 for x64-based Systems Service Pack 2 | Denial of Service | Important | None |
Windows Server 2008 R2 | |||
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Denial of Service | Important | None |
Windows 8 and Windows 8.1 | |||
Windows 8 for x64-based Systems | Denial of Service | Important | None |
Windows 8.1 for x64-based Systems | Denial of Service | Important | None |
Windows Server 2012 and Windows Server 2012 R2 | |||
Windows Server 2012 | Denial of Service | Important | None |
Windows Server 2012 R2 | Denial of Service | Important | None |
Windows 10 | |||
Windows 10 for x64-based Systems [1] | Denial of Service | Important | None |
Windows 10 Version 1511 for x64-based Systems [1] | Denial of Service | Important | None |
Server Core installation option | |||
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Denial of Service | Important | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Denial of Service | Important | None |
Windows Server 2012 (Server Core installation) | Denial of Service | Important | None |
Windows Server 2012 R2 (Server Core installation) | Denial of Service | Important | None |
[1]Windows 10 updates are cumulative. In addition to containing non-security updates, they also contain all of the security fixes for all of the Windows 10-affected vulnerabilities shipping with the monthly security release. The updates are available via the Microsoft Update Catalog.
Note Windows Server Technical Preview 3 is affected. Customers running this operating system are encouraged to apply the update, which is available via Windows Update.
Advisory FAQ
What is the scope of the advisory?
The purpose of this advisory is to notify customers of an available security update for Windows Hyper-V to protect against a denial of service condition that can be triggered with certain CPU chipsets.
What does the update do?
The security update bypasses the CPU weakness by preventing a guest operating system from triggering an unresponsive state in the CPU.
Suggested Actions
- Apply the update for your version of Microsoft Windows
The majority of customers have automatic updating enabled and will not need to take any action because the updates will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 3097966.
For administrators and enterprise installations, or end users who want to install the updates manually, Microsoft recommends applying the update immediately using update management software, or by checking for updates using the Microsoft Update service. For more information on how to manually apply the updates, see Microsoft Knowledge Base Article 3108638.
Additional Suggested Actions
- Protect your PC
We continue to encourage customers to follow our Protect Your Computer guidance of enabling a firewall, getting software updates and installing antivirus software. For more information, see Microsoft Safety & Security Center.
- Keep Microsoft Software Updated
Users running Microsoft software should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit Microsoft Update, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have automatic updating enabled and configured to provide updates for Microsoft products, the updates are delivered to you when they are released, but you should verify that they are installed.
Security Update Deployment
For Security Update Deployment information, see Microsoft Knowledge Base Article 3108638.
Other Information
Feedback
- You can provide feedback by completing the Microsoft Help and Support form, Customer Service Contact Us.
Support
- Customers in the United States and Canada can receive technical support from Security Support. For more information, see Microsoft Help and Support.
- International customers can receive support from their local Microsoft subsidiaries. For more information, see International Support.
- Microsoft TechNet Security provides additional information about security in Microsoft products.
Disclaimer
The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Revisions
- V1.0 (November 10, 2015): Advisory published.
Original Source
Url : http://www.microsoft.com/technet/security/advisory/3108638.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-04-03 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2017-0057.nasl - Type : ACT_GATHER_INFO |
2016-11-23 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2016-0166.nasl - Type : ACT_GATHER_INFO |
2016-11-23 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2016-0165.nasl - Type : ACT_GATHER_INFO |
2016-09-02 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-2074-1.nasl - Type : ACT_GATHER_INFO |
2016-08-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3426-1.nasl - Type : ACT_GATHER_INFO |
2016-07-20 | Name : The remote Solaris system is missing a security patch from CPU jul2016. File : solaris_jul2016_SRU11_3_8_7_0.nasl - Type : ACT_GATHER_INFO |
2016-06-22 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2016-0081.nasl - Type : ACT_GATHER_INFO |
2016-05-18 | Name : The remote Debian host is missing a security update. File : debian_DLA-479.nasl - Type : ACT_GATHER_INFO |
2016-04-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-445.nasl - Type : ACT_GATHER_INFO |
2016-03-18 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2016-0037.nasl - Type : ACT_GATHER_INFO |
2016-03-07 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0658-1.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2015-f2c534bc12.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2015-f150b2a8c8.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2015-cd94ad8d7c.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2015-668d213dc3.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2015-394835a3f6.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2015-115c302856.nasl - Type : ACT_GATHER_INFO |
2016-02-08 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-136.nasl - Type : ACT_GATHER_INFO |
2016-02-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-2587.nasl - Type : ACT_GATHER_INFO |
2016-02-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0103.nasl - Type : ACT_GATHER_INFO |
2016-02-03 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-124.nasl - Type : ACT_GATHER_INFO |
2016-01-28 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3454.nasl - Type : ACT_GATHER_INFO |
2016-01-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2016-0007.nasl - Type : ACT_GATHER_INFO |
2016-01-25 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-36.nasl - Type : ACT_GATHER_INFO |
2016-01-25 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-35.nasl - Type : ACT_GATHER_INFO |
2016-01-25 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-34.nasl - Type : ACT_GATHER_INFO |
2016-01-21 | Name : An application installed on the remote host is affected by multiple vulnerabi... File : virtualbox_5_0_10.nasl - Type : ACT_GATHER_INFO |
2016-01-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0046.nasl - Type : ACT_GATHER_INFO |
2016-01-14 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL31026324.nasl - Type : ACT_GATHER_INFO |
2016-01-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0024.nasl - Type : ACT_GATHER_INFO |
2016-01-11 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2016-3503.nasl - Type : ACT_GATHER_INFO |
2016-01-11 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2016-3502.nasl - Type : ACT_GATHER_INFO |
2016-01-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0004.nasl - Type : ACT_GATHER_INFO |
2015-12-29 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-2339-1.nasl - Type : ACT_GATHER_INFO |
2015-12-29 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-2338-1.nasl - Type : ACT_GATHER_INFO |
2015-12-22 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-2324-1.nasl - Type : ACT_GATHER_INFO |
2015-12-22 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-2328-1.nasl - Type : ACT_GATHER_INFO |
2015-12-22 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-2326-1.nasl - Type : ACT_GATHER_INFO |
2015-12-22 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20151208_kernel_on_SL7_x.nasl - Type : ACT_GATHER_INFO |
2015-12-21 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-2306-1.nasl - Type : ACT_GATHER_INFO |
2015-12-18 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2843-2.nasl - Type : ACT_GATHER_INFO |
2015-12-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2840-1.nasl - Type : ACT_GATHER_INFO |
2015-12-17 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-893.nasl - Type : ACT_GATHER_INFO |
2015-12-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2841-1.nasl - Type : ACT_GATHER_INFO |
2015-12-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2841-2.nasl - Type : ACT_GATHER_INFO |
2015-12-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2842-1.nasl - Type : ACT_GATHER_INFO |
2015-12-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2842-2.nasl - Type : ACT_GATHER_INFO |
2015-12-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2843-1.nasl - Type : ACT_GATHER_INFO |
2015-12-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2844-1.nasl - Type : ACT_GATHER_INFO |
2015-12-16 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20151215_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2015-12-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-2645.nasl - Type : ACT_GATHER_INFO |
2015-12-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-2636.nasl - Type : ACT_GATHER_INFO |
2015-12-16 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-2636.nasl - Type : ACT_GATHER_INFO |
2015-12-16 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-892.nasl - Type : ACT_GATHER_INFO |
2015-12-16 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-879.nasl - Type : ACT_GATHER_INFO |
2015-12-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-2636.nasl - Type : ACT_GATHER_INFO |
2015-12-14 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2015-0154.nasl - Type : ACT_GATHER_INFO |
2015-12-14 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-3107.nasl - Type : ACT_GATHER_INFO |
2015-12-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3414.nasl - Type : ACT_GATHER_INFO |
2015-12-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-2552.nasl - Type : ACT_GATHER_INFO |
2015-12-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-2552.nasl - Type : ACT_GATHER_INFO |
2015-12-09 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-2552.nasl - Type : ACT_GATHER_INFO |
2015-12-07 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-2194-1.nasl - Type : ACT_GATHER_INFO |
2015-11-30 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-2108-1.nasl - Type : ACT_GATHER_INFO |
2015-11-23 | Name : The remote host is affected by multiple denial of service vulnerabilities. File : citrix_xenserver_CTX202583.nasl - Type : ACT_GATHER_INFO |
2015-11-16 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_2cabfbab8bfb11e5bd18002590263bf5.nasl - Type : ACT_GATHER_INFO |
2015-11-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2807-1.nasl - Type : ACT_GATHER_INFO |
2015-11-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3396.nasl - Type : ACT_GATHER_INFO |
2015-11-10 | Name : The remote Windows host is affected by multiple denial of service vulnerabili... File : smb_kb3108638.nasl - Type : ACT_GATHER_INFO |
2015-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2806-1.nasl - Type : ACT_GATHER_INFO |
2015-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2805-1.nasl - Type : ACT_GATHER_INFO |
2015-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2804-1.nasl - Type : ACT_GATHER_INFO |
2015-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2803-1.nasl - Type : ACT_GATHER_INFO |
2015-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2802-1.nasl - Type : ACT_GATHER_INFO |
2015-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2801-1.nasl - Type : ACT_GATHER_INFO |
2015-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2800-1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-04-09 13:21:42 |
|