Multiple vulnerabilities in Microsoft Hyper-V
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2019-0714 CVE-2019-0715 CVE-2019-0717 CVE-2019-0718 CVE-2019-0723 CVE-2019-0720 CVE-2019-0965 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Windows Operating systems & Components / Operating system Windows Server Operating systems & Components / Operating system |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU20273
Risk: Low
CVSSv3.1: 3.7 [CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-0714
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when Microsoft Hyper-V Network Switch on a host server does not properly validate input from a privileged user on a guest operating system.
Successful exploitation of the vulnerability may result denial of service (DoS) attack against the host system.
MitigationInstall update from vendor's website.
Vulnerable software versionsWindows: 7 - 10 1903 10.0.18362.116
Windows Server: 2008 - 2019 1903
External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0714
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU20274
Risk: Low
CVSSv3.1: 3.7 [CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-0715
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when Microsoft Hyper-V Network Switch on a host server does not properly validate input from a privileged user on a guest operating system.
Successful exploitation of the vulnerability may result denial of service (DoS) attack against the host system.
MitigationInstall update from vendor's website.
Vulnerable software versionsWindows: 7 - 10 1903 10.0.18362.116
Windows Server: 2008 - 2019 1903
External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0715
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU20275
Risk: Low
CVSSv3.1: 3.7 [CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-0717
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when Microsoft Hyper-V Network Switch on a host server does not properly validate input from a privileged user on a guest operating system.
Successful exploitation of the vulnerability may result denial of service (DoS) attack against the host system.
MitigationInstall update from vendor's website.
Vulnerable software versionsWindows: 10 1809 10.0.17763.1 - 10 1903 10.0.18362.116
Windows Server: 2019 10.0.17763.1 - 2019 1903
External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0717
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU20276
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-0718
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when Microsoft Hyper-V Network Switch on a host server does not properly validate input from a privileged user on a guest operating system.
Successful exploitation of the vulnerability may result denial of service (DoS) attack against the host system.
MitigationInstall update from vendor's website.
Vulnerable software versionsWindows: 8.1 - 10 1903 10.0.18362.116
Windows Server: 2012 - 2019 1903
External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0718
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU20277
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-0723
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when Microsoft Hyper-V Network Switch on a host server does not properly validate input from a privileged user on a guest operating system.
Successful exploitation of the vulnerability may result denial of service (DoS) attack against the host system.
MitigationInstall update from vendor's website.
Vulnerable software versionsWindows: 7 - 10 1903 10.0.18362.116
Windows Server: 2008 R2 - 2019 1903
External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0723
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU20278
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-0720
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to insufficient validation of user-supplied input in the Windows Hyper-V Network Switch. A remote authenticated attacker of the guest operating system can execute arbitrary code on the host system.
Install updates from vendor's website.
Vulnerable software versionsWindows: 7 - 10 1809 10.0.17763.1
Windows Server: 2008 - 2019 1803
External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0720
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU20279
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-0965
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to insufficient validation of user-supplied input in the Windows Hyper-V Network Switch. A remote authenticated attacker of the guest operating system can execute arbitrary code on the host system.
Install updates from vendor's website.
Vulnerable software versionsWindows: 10 1709 10.0.16299.19 - 10 1903 10.0.18362.116
Windows Server: 2019 10.0.17763.1 - 2019 1903
External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0965
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
