Main Vulnerability Database Vulnerabilities #VU16867

Input validation error in Windows and Windows Server - CVE-2019-0550

Published: January 8, 2019 / Updated: January 8, 2019

Vulnerability identifier: #VU16867

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-0550

CWE-ID: CWE-20

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Windows
Windows Server

Detailed vulnerability description

The vulnerability allows an adjacent attacker to compromise vulnerable system.

The vulnerability exists due to an input validation error when processing malicious input. An attacker running inside a virtual machine can run a specially crafted application that could cause the Hyper-V host operating system to execute arbitrary code.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable host system.

How to mitigate CVE-2019-0550

Install updates from vendor's website.

Sources

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0550

Input validation error in Windows and Windows Server - CVE-2019-0550

Detailed vulnerability description

How to mitigate CVE-2019-0550

Sources

Please verify you're human