Microsoft CVE-2018-0964: Windows Hyper-V Information Disclosure Vulnerability
Description
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. An attacker who successfully exploited the vulnerability could gain access to information on the Hyper-V host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.
Solution(s)
- msft-kb4093107-08089676-57b7-4989-a27a-3759fa8d6293
- msft-kb4093112-7a639cb5-17a8-47d3-8879-3a2827b51b56
- msft-kb4093112-7dd55f48-a1f3-4945-80c1-5ce237a6a28d
- msft-kb4093112-936c76bd-d063-4f5c-82d9-7fb5dcbf720d
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center