SB2019111214 - Multiple vulnerabilities in Windows Hyper-V
Published: November 12, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 9 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2019-1389)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input when Microsoft Hyper-V Network Switch on a host server does not properly validate input from a privileged user on a guest operating system. An administrator on adjacent network can execute arbitrary code on the target system.
2) Input validation error (CVE-ID: CVE-2019-0721)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input when Microsoft Hyper-V Network Switch on a host server does not properly validate input from a privileged user on a guest operating system. A remote administrator can use a speciallly crafted application and execute arbitrary code on the target system.
3) Input validation error (CVE-ID: CVE-2019-0719)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input when Microsoft Hyper-V Network Switch on a host server does not properly validate input from a privileged user on a guest operating system. A remote administrator can use a speciallly crafted application and execute arbitrary code on the target system.
4) Input validation error (CVE-ID: CVE-2019-0712)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when Microsoft Hyper-V Network Switch on a host server does not properly validate input from a privileged user on a guest operating system.
Successful exploitation of the vulnerability may result denial of service (DoS) attack against the host system.
5) Input validation error (CVE-ID: CVE-2019-1309)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when Microsoft Hyper-V Network Switch on a host server does not properly validate input from a privileged user on a guest operating system.
Successful exploitation of the vulnerability may result denial of service (DoS) attack against the host system.
6) Input validation error (CVE-ID: CVE-2019-1310)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when Microsoft Hyper-V Network Switch on a host server does not properly validate input from a privileged user on a guest operating system.
Successful exploitation of the vulnerability may result denial of service (DoS) attack against the host system.
7) Input validation error (CVE-ID: CVE-2019-1397)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input when Microsoft Hyper-V on a host server does not properly validate input from a privileged user on a guest operating system.
Successful exploitation of the vulnerability may result arbitrary code execution on the host system.
8) Input validation error (CVE-ID: CVE-2019-1398)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input when Microsoft Hyper-V on a host server does not properly validate input from a privileged user on a guest operating system.
Successful exploitation of the vulnerability may result arbitrary code execution on the host system.
9) Input validation error (CVE-ID: CVE-2019-1399)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when Microsoft Hyper-V on a host server does not properly validate input from a privileged user on a guest operating system.
Successful exploitation of the vulnerability may result denial of service (DoS) attack against the host system.
Remediation
Install update from vendor's website.
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1389
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0721
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0719
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0712
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1309
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1310
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1397
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1398
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1399