CVE-2019-1389

Summary

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1397, CVE-2019-1398.

Affected Software

VendorProductVersion RangeStatus
MicrosoftWindows7 for x64-based Systems Service Pack 1affected
MicrosoftWindows8.1 for x64-based systemsaffected
MicrosoftWindows10 for x64-based Systemsaffected
MicrosoftWindows10 Version 1607 for x64-based Systemsaffected
MicrosoftWindows10 Version 1709 for x64-based Systemsaffected
MicrosoftWindows10 Version 1803 for x64-based Systemsaffected
MicrosoftWindows Server2008 R2 for x64-based Systems Service Pack 1 (Core installation)affected
MicrosoftWindows Server2008 R2 for x64-based Systems Service Pack 1affected
MicrosoftWindows Server2012affected
MicrosoftWindows Server2012 (Core installation)affected
MicrosoftWindows Server2012 R2affected
MicrosoftWindows Server2012 R2 (Core installation)affected
MicrosoftWindows Server2016affected
MicrosoftWindows Server2016 (Core installation)affected
MicrosoftWindows Serverversion 1803 (Core Installation)affected
MicrosoftWindows Server2008 for x64-based Systems Service Pack 2affected
MicrosoftWindows Server2008 for x64-based Systems Service Pack 2 (Core installation)affected

Weaknesses

  • Remote Code Execution

ADP Enrichment

CVE Program Container

Additional References

References