Executive Summary
Summary | |
---|---|
Title | Vulnerability in Windows Server 2008 Hyper |
Informations | |||
---|---|---|---|
Name | MS10-010 | First vendor Publication | 2010-02-09 |
Vendor | Microsoft | Last vendor Modification | 2010-02-10 |
Severity (Vendor) | Important | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:H/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 4 | Attack Range | Local |
Cvss Impact Score | 6.9 | Attack Complexity | High |
Cvss Expoit Score | 1.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.1 (February 10, 2010): Changed the Systems Management Server table entry for SMS 2003 with ITMU for Windows Server 2008 R2. This is an informational change only. There were no changes to the security update files or detection logic.Summary: This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a malformed sequence of machine instructions is run by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to log on locally into a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS10-010.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:8006 | |||
Oval ID: | oval:org.mitre.oval:def:8006 | ||
Title: | Hyper-V Instruction Set Validation Vulnerability | ||
Description: | The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructions, aka "Hyper-V Instruction Set Validation Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0026 | Version: | 7 |
Platform(s): | Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 3 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62251 | Microsoft Windows Server 2008 Hyper-V Crafted Instruction Sequence DoS |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2010-02-18 | IAVM : 2010-B-0012 - Microsoft Windows Hyper-V Denial of Service Vulnerability Severity : Category II - VMSKEY : V0022676 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Windows Hypervisor vfd download attempt RuleID : 18396 - Revision : 10 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-02-09 | Name : A local attacker can crash the remote host. File : smb_nt_ms10-010.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:46:28 |
|
2014-01-19 21:30:26 |
|
2013-11-11 12:41:15 |
|