Severity Rating: HIGH
Software Affected
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2016
Windows Server 2019
Windows Server 2016 (Server Core installation)
Windows Server, version 2004 (Server Core installation)
Windows Server, version 1903 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
Windows Server 2019 (Server Core installation)
Windows Server, version 20H2 (Server Core Installation)
Overview
A remote code execution vulnerability has been reported in Microsoft
Windows Hyper-V which could allow a remote attacker to execute arbitrary
code on the target system.
Description
This vulnerability exists in Hyper-V host server due to insufficient
validation of input (vSMB packet data) supplied from an authenticated user
on a guest operating system. An attacker could exploit the vulnerability by
executing specially crafted application on guest operating system.
Successful exploitation of the vulnerability could allow an attacker
execute arbitrary code on the Hyper-V host leading to complete compromise
of the target system.
Solution
Apply appropriate patches as mentioned in Microsoft Security Advisory
Vendor Information
Microsoft
References
Microsoft
CVE Name
CVE-2020-17095
About Cert Advisory
We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.