SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Microsoft Hyper-V Vendors:   Microsoft
Microsoft Hyper-V VMBus Packet Validation Flaw Lets Local Users Deny Service
SecurityTracker Alert ID:  1025644
SecurityTracker URL:  http://securitytracker.com/id/1025644
CVE Reference:   CVE-2011-1872   (Links to External Site)
Date:  Jun 14 2011
Impact:   Denial of service via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Microsoft Hyper-V. A local user on the guest operating system can cause denial of service conditions on the host operating system.

A local user on the guest operating system can send specially crafted VMBus packets to the host to cause the host operating system to stop responding.

Nicolas Economou of Core Security Technologies reported this vulnerability.

Impact:   A local user on the guest operating system can cause the target host system to stop responding.
Solution:   The vendor has issued the following fixes:

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=24789423-72B7-48D1-BDC1-F0E5174D99BB

Windows Server 2008 R2 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=C9C6C36D-A455-42F7-B7D4-9FB9824C07CB

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=C9C6C36D-A455-42F7-B7D4-9FB9824C07CB

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms11-047.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms11-047.mspx (Links to External Site)
Cause:   Access control error, Input validation error, State error
Underlying OS:  Windows (2008)
Underlying OS Comments:  2008 SP2, 2008 R2 SP1

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC