Executive Summary

Summary
TitleVulnerability in Windows Server 2008 Hyper
Informations
NameMS10-010First vendor Publication2010-02-09
VendorMicrosoftLast vendor Modification2010-02-10
Severity (Vendor) ImportantRevision1.1

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:H/Au:N/C:N/I:N/A:C)
Cvss Base Score4Attack RangeLocal
Cvss Impact Score6.9Attack ComplexityHigh
Cvss Expoit Score1.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Revision Note: V1.1 (February 10, 2010): Changed the Systems Management Server table entry for SMS 2003 with ITMU for Windows Server 2008 R2. This is an informational change only. There were no changes to the security update files or detection logic.Summary: This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a malformed sequence of machine instructions is run by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to log on locally into a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

Original Source

Url : http://www.microsoft.com/technet/security/bulletin/MS10-010.mspx

CWE : Common Weakness Enumeration

idName
CWE-20Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:8006
 
Oval ID: oval:org.mitre.oval:def:8006
Title: Hyper-V Instruction Set Validation Vulnerability
Description: The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructions, aka "Hyper-V Instruction Set Validation Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-0026
Version: 7
Platform(s): Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os3

Open Source Vulnerability Database (OSVDB)

idDescription
62251Microsoft Windows Server 2008 Hyper-V Crafted Instruction Sequence DoS

Information Assurance Vulnerability Management (IAVM)

DateDescription
2010-02-18IAVM : 2010-B-0012 - Microsoft Windows Hyper-V Denial of Service Vulnerability
Severity : Category II - VMSKEY : V0022676

Snort® IPS/IDS

DateDescription
2014-01-10Microsoft Windows Hypervisor vfd download attempt
RuleID : 18396 - Revision : 9 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

DateDescription
2010-02-09Name : A local attacker can crash the remote host.
File : smb_nt_ms10-010.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2014-02-17 11:46:28
  • Multiple Updates
2014-01-19 21:30:26
  • Multiple Updates
2013-11-11 12:41:15
  • Multiple Updates