Microsoft CVE-2019-1230: Hyper-V Information Disclosure Vulnerability
Description
An information disclosure vulnerability exists when the Windows Hyper-V Network Switch on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. An attacker who successfully exploited the vulnerability could gain access to information on the Hyper-V host operating system. The security update addresses the vulnerability by correcting how the Windows Hyper-V Network Switch validates guest operating system user input.
Solution(s)
- msft-kb4519338-212c3c1b-d31d-4e80-a30f-ad2cddf5c7fc
- msft-kb4519338-4dc3fc62-f0c5-47fd-b788-24c7bb43bd60
- msft-kb4519338-effa0a42-b050-47d4-a23a-1f3f0a7a7195
- msft-kb4520004-173a42f8-0561-4a76-9a70-bd9cb6fa9151
- msft-kb4520004-f72dbbef-cedb-450e-927d-05414a78aded
- msft-kb4520008-60000a2c-bbc0-473e-a45f-db8e5d59d8f6
- msft-kb4520008-d876d728-1f3a-4686-ac8d-9fee971d40af
- msft-kb4520008-ff9d5ac1-9660-4a2c-8669-260891a47e33
- msft-kb4520010-50f87af3-267d-4242-9ca8-ad63233c710d
- msft-kb4520010-fe65a4a7-b1ab-44b2-9c92-16daa2ddd839
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center