Description
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The update addresses the vulnerability by modifying how virtual machines access the Hyper-V Network Switch.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High
E
Physical
RL
O
RC
Changed
Affected products
- Microsoft / Windows 101903 – 1903
- Microsoft / Windows 101703 – 1703
- Microsoft / Windows 101709 – 1709
- Microsoft / windows_10_1507
- Microsoft / windows_10_1607
- Microsoft / windows_10_1803
- Microsoft / windows_10_1809
- Microsoft / Windows 7
- Microsoft / Windows 8.1
- Microsoft / windows_server_1803
- Microsoft / windows_server_1903
- Microsoft / windows_server_2008_R2
- Microsoft / windows_server_2008_sp2
- Microsoft / Windows Server 2012
- Microsoft / Windows Server 2012 R2
- Microsoft / Windows Server 2016
- Microsoft / Windows Server 2019