Published: 13/09/2018 Updated: 05/11/2018

CVSS v2 Base Score: 7.7 | Impact Score: 10 | Exploitability Score: 5.1

CVSS v3 Base Score: 8.4 | Impact Score: 6 | Exploitability Score: 1.7

VMScore: 685

Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8439.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft windows 10 1607
microsoft windows 10 1703
microsoft windows 10 1803
microsoft windows server 2016 1709
microsoft windows server 2016 -
microsoft windows server 2016 1803

It's September 2018, and Windows VMs can pwn their host servers by launching an evil app

The Register • Shaun Nichols in San Francisco • 11 Sep 2018

Too smart? There's also an old-fashioned image file RCE Safari, Edge fans: Is that really the website you think you're visiting? URL spoof bug blabbed

Admins will again be working overtime as Microsoft and Adobe have posted their monthly scheduled security updates for September. This month's Patch Tuesday bundle includes critical fixes for Windows, SQL Server, and Hyper V, as well as Flash and Cold Fusion. In total, Microsoft addressed 61 CVE-listed vulnerabilities this month, including 23 that would potentially allow for remote code execution. One of the more noteworthy of those bugs is CVE-2018-8475, a remote code flaw that can be triggered ...

CVE-2018-0965

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect