Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2019-0886: Windows Hyper-V Information Disclosure Vulnerability

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Microsoft CVE-2019-0886: Windows Hyper-V Information Disclosure Vulnerability

Severity
3
CVSS
(AV:A/AC:L/Au:S/C:P/I:N/A:N)
Published
05/14/2019
Created
05/15/2019
Added
05/14/2019
Modified
11/18/2021

Description

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. An attacker who successfully exploited the vulnerability could gain access to information on the Hyper-V host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.

Solution(s)

  • msft-kb4494440-4091b3b1-890f-4344-bf2c-cd6cc084a9a6
  • msft-kb4494440-db85a23a-f0f7-466e-ad06-73387fea46dd
  • msft-kb4494440-dd00e364-6182-4eb3-b4b3-49d6ca3f9d98
  • msft-kb4494441-49a84799-4aea-43e3-b297-d9b34762ce6b
  • msft-kb4494441-5d824d81-f71c-4236-b44a-b1d3d3afac45
  • msft-kb4494441-e34205a2-3739-4b7c-b792-22bc71890ca9
  • msft-kb4497936-0e57e7d4-5e8c-4c73-8998-9bbb32563e02
  • msft-kb4497936-10429ff2-9c14-4fb1-abdc-a105642cb1ad
  • msft-kb4497936-1d1a728c-a4f7-4574-8d1d-13011eef32eb
  • msft-kb4499167-02d7f039-e9d8-44a4-991c-7f0018dbb17b
  • msft-kb4499167-2ea0586a-8e8e-4677-bcd7-0d821e1f3e9c
  • msft-kb4499167-426f16ec-8a9b-4c38-a4f9-c018371d51cb
  • msft-kb4499179-7f17fdb3-7c5e-44c1-b12c-bc57af632380
  • msft-kb4499179-b166ef22-f8fd-4be4-b577-5dd5e689c5e9
  • msft-kb4499181-78d037a2-ac8c-4a2a-a2dd-4d706c402d25
  • msft-kb4499181-acf8762b-9546-4a51-8e26-d5790de3c4ab

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;