Privilege escalation in Microsoft Windows Hyper-V
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2018-8489 CVE-2018-8490 |
| CWE-ID | CWE-20 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Windows Operating systems & Components / Operating system Windows Server Operating systems & Components / Operating system |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU15252
Risk: Medium
CVSSv3.1: 6.6 [CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-8489
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to compromise vulnerable host operating system.
The vulnerability exists in Windows Hyper-V on a host server due to improper validation of input from an authenticated user on a guest operating system. A remote attacker with access to guest operating system can run a specially crafted application and compromise the host system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: 7 - 10 1809 10.0.17763.1
Windows Server: 2008 - 2019 1803
CPE2.3- cpe:2.3:o:microsoft:windows:8.1 RT:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10 1809:10.0.17763.1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10 1803:10.0.17134.48:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10 1709:10.0.16299.19:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10 1703:10.0.15063.138:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10 1607:10.0.14393.10:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2012:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2012 R2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2008:*:*:*:*:*:*:*
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8489
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper input validation
EUVDB-ID: #VU15253
Risk: Medium
CVSSv3.1: 6.6 [CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-8490
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to compromise vulnerable host operating system.
The vulnerability exists in Windows Hyper-V on a host server due to improper validation of input from an authenticated user on a guest operating system. A remote attacker with access to guest operating system can run a specially crafted application and compromise the host system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: 7 - 10
Windows Server: 2008 - 2019 1709
CPE2.3- cpe:2.3:o:microsoft:windows:8.1 RT:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2012:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2012 R2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2008:*:*:*:*:*:*:*
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8490
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
