MS10-010

Executive Summary

Summary
Title	Vulnerability in Windows Server 2008 Hyper

Informations
Name	MS10-010	First vendor Publication	2010-02-09
Vendor	Microsoft	Last vendor Modification	2010-02-10
Severity (Vendor)	Important	Revision	1.1

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:H/Au:N/C:N/I:N/A:C)
Cvss Base Score	4	Attack Range	Local
Cvss Impact Score	6.9	Attack Complexity	High
Cvss Expoit Score	1.9	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Revision Note: V1.1 (February 10, 2010): Changed the Systems Management Server table entry for SMS 2003 with ITMU for Windows Server 2008 R2. This is an informational change only. There were no changes to the security update files or detection logic.

Summary: This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a malformed sequence of machine instructions is run by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to log on locally into a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

Original Source

Url : http://www.microsoft.com/technet/security/bulletin/MS10-010.mspx

CWE : Common Weakness Enumeration

id	Name
CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:8006

Oval ID:	oval:org.mitre.oval:def:8006
Title:	Hyper-V Instruction Set Validation Vulnerability
Description:	The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructions, aka "Hyper-V Instruction Set Validation Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-0026	Version:	5
Platform(s):	Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2	Product(s):
Definition Synopsis:
Hyper-V role is enabled AND Affected Software Vulnerable Microsoft Windows Server 2008 x64 Microsoft Windows Server 2008 (64-bit) is installed AND GDR or LDR Service branch Vid.sys version is less than 6.0.6001.18372 OR LDR Vid.sys version is greater than or equal 6.0.6001.22000 AND Vid.sys version is less than 6.0.6001.22572 OR Vulnerable Microsoft Windows Server 2008 SP2 x64 Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed AND GDR or LDR Service branch Vid.sys version is less than 6.0.6002.18156 OR LDR Vid.sys version is greater than or equal 6.0.6002.22000 AND Vid.sys version is less than 6.0.6002.22278 OR Vulnerable Microsoft Windows Server 2008 x64, Windows Server 2008 R2 x64 Microsoft Windows Server 2008 R2 x64 Edition is installed AND GDR or LDR Service branch Vid.sys version is less than 6.1.7600.16475 OR LDR Vid.sys version is greater than or equal 6.1.7600.20000 AND Vid.sys version is less than 6.1.7600.20587

CPE : Common Platform Enumeration

Type	Description	Count
Os	Microsoft Windows Server 2008 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_server_2008::r2:x64	3

Open Source Vulnerability Database (OSVDB)

id	Description
62251	Microsoft Windows Server 2008 Hyper-V Crafted Instruction Sequence DoS

Type	Count
Oval ID(s)	1
CPE ID(s)	3
osvdb(s)	1

Related	Severity
CVE-2010-0026	(Medium)

Same Subject	Severity
Login to view 1 more Alert(s)

MS10-010

Executive Summary

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU