Improper input validation in Windows and Windows Server

#VU11048 Improper input validation in Windows and Windows Server

Published: 2018-03-13 | Updated: 2018-03-13

Vulnerability identifier: #VU11048

Vulnerability risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0885

CWE-ID: CWE-20

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Windows
Operating systems & Components / Operating system
Windows Server
Operating systems & Components / Operating system

Vendor: Microsoft

Description
The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The weakness exists in Microsoft Hyper-V Network Switch on a host server due to insufficient input validation. An adjacent attacker can run a specially crafted application and cause a host machine to crash.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Windows: 8.1 - 8.1 RT, 10

Windows Server: 2008 - 2016 10.0.14393.10

External links
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0885

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Microsoft Hyper-V