CVE-2019-1397

Summary

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1389, CVE-2019-1398.

Affected Software

VendorProductVersion RangeStatus
MicrosoftWindows7 for x64-based Systems Service Pack 1affected
MicrosoftWindows8.1 for x64-based systemsaffected
MicrosoftWindows10 for x64-based Systemsaffected
MicrosoftWindows10 Version 1607 for x64-based Systemsaffected
MicrosoftWindows10 Version 1709 for x64-based Systemsaffected
MicrosoftWindows10 Version 1803 for x64-based Systemsaffected
MicrosoftWindows10 Version 1809 for x64-based Systemsaffected
MicrosoftWindows Server2008 R2 for x64-based Systems Service Pack 1 (Core installation)affected
MicrosoftWindows Server2008 R2 for x64-based Systems Service Pack 1affected
MicrosoftWindows Server2012affected
MicrosoftWindows Server2012 (Core installation)affected
MicrosoftWindows Server2012 R2affected
MicrosoftWindows Server2012 R2 (Core installation)affected
MicrosoftWindows Server2016affected
MicrosoftWindows Server2016 (Core installation)affected
MicrosoftWindows Serverversion 1803 (Core Installation)affected
MicrosoftWindows Server2019affected
MicrosoftWindows Server2019 (Core installation)affected
MicrosoftWindows Server2008 for x64-based Systems Service Pack 2affected
MicrosoftWindows Server2008 for x64-based Systems Service Pack 2 (Core installation)affected
MicrosoftWindows 10 Version 1903 for x64-based Systemsunspecifiedaffected
MicrosoftWindows Server, version 1903 (Server Core installation)unspecifiedaffected

Weaknesses

  • Remote Code Execution

ADP Enrichment

CVE Program Container

Additional References

References