Multiple vulnerabilities in Microsoft Windows Hyper-V



Published: 2020-02-11
Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2020-0661
CVE-2020-0751
CWE-ID CWE-20
Exploitation vector Local network
Public exploit N/A
Vulnerable software
Subscribe 		Windows
Operating systems & Components / Operating system

Windows Server
Operating systems & Components / Operating system

Vendor Microsoft

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU25149

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-0661

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user on the local network to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when Microsoft Hyper-V on a host server does not properly validate input from a privileged user on a guest operating system.

Successful exploitation of the vulnerability may result denial of service (DoS) attack against the host system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Windows: 10 1607 10.0.14393.10 - 10 1909 10.0.18363.476

Windows Server: 2016 10.0.14393.10 - 2019 1909

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0661


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU25150

Risk: Low

CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-0751

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.

Successful exploitation of the vulnerability may result denial of service (DoS) attack against the target application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: 10 1903 10.0.18362.116 - 10 1909 10.0.18363.476

Windows Server: 2019 1903 - 2019 1909

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0751


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###