Description
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.

An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.

The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.
CVSS breakdown
CVSS 3.1
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
- Confidentiality: High
- Integrity: High
- Availability: High
- E: Physical
- RL: O
- RC: Changed
Affected products
- Microsoft / Windows 10 1709 – 1709
- Microsoft / Windows 10 1903 – 1903
- Microsoft / windows_10_1507
- Microsoft / windows_10_1607
- Microsoft / windows_10_1803
- Microsoft / windows_10_1809
- Microsoft / windows_10_1909
- Microsoft / Windows 7
- Microsoft / Windows 8.1
- Microsoft / windows_server_1903
- Microsoft / windows_server_1909
- Microsoft / windows_server_2004
- Microsoft / windows_server_2008_R2
- Microsoft / windows_server_2008_sp2
- Microsoft / Windows Server 2012
- Microsoft / Windows Server 2012 R2
- Microsoft / Windows Server 2016
- Microsoft / Windows Server 2019