Microsoft Security Advisory 3108638
Update for Windows Hyper-V to Address CPU Weakness
Published: November 10, 2015
Microsoft is announcing the availability of a security update for Windows Hyper-V to protect against a denial of service condition that can be triggered with certain central processing unit (CPU) chipsets. Although the weakness resides in the chipset, Microsoft is issuing this security update to protect customers. The update prevents guests on a Hyper-V system from triggering a weakness in the CPU that could allow instructions from a Hyper-V guest to place its Hyper-V host's CPU into an unresponsive state, leading to a denial of service condition for the guest operating systems running on the affected host. Successful exploitation of the CPU weakness would require kernel-mode code execution privileges on the guest operating system.
The update circumvents the CPU weakness by preventing a guest operating system from triggering the unresponsive state in the host system’s CPU.
Recommendation. Please see the Suggested Actions section of this advisory for instructions on applying the updates for specific releases of Microsoft Windows.
|CVE References||CVE-2015-5307, CVE-2015-8104|
|Microsoft Knowledge Base Article||3108638|
The following software versions or editions are affected. Versions or editions that are not listed are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle.
|Operating System||Security Impact||Severity Rating||Updates Replaced|
|Windows Server 2008|
|Windows Server 2008 for x64-based Systems Service Pack 2 (3108604)||Denial of Service||Important||None|
|Windows Server 2008 R2|
|Windows Server 2008 R2 for x64-based Systems Service Pack 1 (3108604)||Denial of Service||Important||None|
|Windows 8 and Windows 8.1|
|Windows 8 for x64-based Systems (Professional and Enterprise editions only) (3108604)||Denial of Service||Important||None|
|Windows 8.1 for x64-based Systems (Professional and Enterprise editions only) (3108604)||Denial of Service||Important||None|
|Windows Server 2012 and Windows Server 2012 R2|
|Windows Server 2012 (3108604)||Denial of Service||Important||None|
|Windows Server 2012 R2 (3108604)||Denial of Service||Important||None|
|Windows 10 for x64-based Systems (Excluding Home editions) (3105213)||Denial of Service||Important||None|
|Windows 10 Version 1511 for x64-based Systems (Excluding Home editions) (3105211)||Denial of Service||Important||None|
|Server Core installation option|
|Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) (3108604)||Denial of Service||Important||None|
|Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (3108604)||Denial of Service||Important||None|
|Windows Server 2012 (Server Core installation) (3108604)||Denial of Service||Important||None|
|Windows Server 2012 R2 (Server Core installation) (3108604)||Denial of Service||Important||None|
Windows 10 updates are cumulative. In addition to containing non-security updates, they also contain all of the security fixes for all of the Windows 10-affected vulnerabilities shipping with the monthly security release. The updates are available via the Microsoft Update Catalog.
Note: Windows Server Technical Preview 3 is affected. Customers running this operating system are encouraged to apply the update, which is available via Windows Update.
What is the scope of the advisory?
The purpose of this advisory is to notify customers of an available security update for Windows Hyper-V to protect against a denial of service condition that can be triggered with certain CPU chipsets.
What does the update do?
The security update bypasses the CPU weakness by preventing a guest operating system from triggering an unresponsive state in the CPU.
Apply the update for your version of Microsoft Windows
The majority of customers have automatic updating enabled and will not need to take any action because the updates will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 3097966.
For administrators and enterprise installations, or end users who want to install the updates manually, Microsoft recommends applying the update immediately using update management software, or by checking for updates using the Microsoft Update service. For more information on how to manually apply the updates, see Microsoft Knowledge Base Article 3108638.
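To confirm that a Hyper-V host actually received the update, the check below maps the host's OS version to the KB number listed in the affected-software table and queries for that hotfix. This is an added example, not part of Microsoft's advisory; the function names and the Windows 10 build numbers (10240 and 10586) are assumptions that do not appear on the page.

```powershell
# Added example (not Microsoft's code). KB numbers come from the advisory's
# affected-software table; function names are hypothetical.

function Get-RequiredKb {
    param([Parameter(Mandatory=$true)][string]$OsVersion)  # e.g. "6.3.9600"
    $v = [version]$OsVersion
    # Windows Server 2008 through 2012 R2 and Windows 8/8.1 share one update.
    if ($v.Major -eq 6 -and $v.Minor -le 3) { return 'KB3108604' }
    # Assumption: build 10240 is the initial Windows 10 release,
    # build 10586 is Windows 10 Version 1511.
    if ($v.Major -eq 10 -and $v.Build -eq 10240) { return 'KB3105213' }
    if ($v.Major -eq 10 -and $v.Build -eq 10586) { return 'KB3105211' }
    return $null  # version not covered by the advisory table
}

function Test-HyperVUpdate {
    param([string]$ComputerName = $env:COMPUTERNAME)

    # Win32_OperatingSystem.Version reports the real OS version string.
    $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $ComputerName
    $kb = Get-RequiredKb -OsVersion $os.Version

    $installed = $false
    if ($kb) {
        # Get-HotFix writes an error when the id is absent; suppress it and
        # treat "no object returned" as "not installed".
        $hit = Get-HotFix -Id $kb -ComputerName $ComputerName -ErrorAction SilentlyContinue
        $installed = [bool]$hit
    }

    New-Object PSObject -Property @{
        Computer   = $ComputerName
        OS         = $os.Caption
        RequiredKB = $kb
        Installed  = $installed
    }
}

# Check the local machine; pass -ComputerName to check a remote Hyper-V host.
Test-HyperVUpdate | Format-List Computer, OS, RequiredKB, Installed
```

Because Windows 10 updates are cumulative, a host that has installed a later cumulative update will report `Installed : False` for the specific KB above even though the fix is present; on those builds, check the most recent cumulative update instead.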
Additional Suggested Actions
Protect your PC
We continue to encourage customers to follow our Protect Your Computer guidance of enabling a firewall, getting software updates and installing antivirus software. For more information, see Microsoft Safety & Security Center.
Keep Microsoft Software Updated
Users running Microsoft software should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit Microsoft Update, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have automatic updating enabled and configured to provide updates for Microsoft products, the updates are delivered to you when they are released, but you should verify that they are installed.
Security Update Deployment
For Security Update Deployment information, see Microsoft Knowledge Base Article 3108638.
- You can provide feedback by completing the Microsoft Help and Support form, Customer Service Contact Us.
- Customers in the United States and Canada can receive technical support from Security Support. For more information, see Microsoft Help and Support.
- International customers can receive support from their local Microsoft subsidiaries. For more information, see International Support.
- Microsoft TechNet Security provides additional information about security in Microsoft products.
The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
- V1.0 (November 10, 2015): Advisory published.
Page generated 2015-11-09 13:45-08:00.