CVE-2017-0021

Published: Mar 17, 2017Modified: May 13, 2026

9.0

Vector

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 2.3 / Impact: 6.0

Source: NVD

Description

Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V System Data Structure Vulnerability." This vulnerability is different from that described in CVE-2017-0095.

Affected (2)

Products: Microsoft: Windows 10, Windows Server 2016

2 products

Windows Server 2016

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 10	Version 1607
Microsoft Windows Server 2016	All versions

References (6)

http://www.securityfocus.com/bid/96020

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037999

Source: secure@microsoft.com

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0021

Source: secure@microsoft.com

MitigationPatchVendor Advisory

http://www.securityfocus.com/bid/96020

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037999

Source: af854a3a-2127-422b-91ae-364da2661108

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0021

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationPatchVendor Advisory

Timeline

No history available yet.