Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2019-1254: Windows Hyper-V Information Disclosure Vulnerability

Back to Search

Microsoft CVE-2019-1254: Windows Hyper-V Information Disclosure Vulnerability

Severity
2
CVSS
(AV:L/AC:L/Au:N/C:P/I:N/A:N)
Published
09/10/2019
Created
09/11/2019
Added
09/10/2019
Modified
09/20/2019

Description

An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk. An attacker could exploit the vulnerability by reading a file to recover kernel memory. To exploit the vulnerability, an attacker would first require access to a Hyper-V host. The security update addresses the vulnerability by ensuring Hyper-V properly initializes memory before writing it to disk.

Solution(s)

  • msft-kb4512578-0cd62cca-3a16-480d-a189-e8ea147bb43f
  • msft-kb4512578-43bab29b-faba-4d28-ab68-daae07145e70
  • msft-kb4512578-83d97879-e87b-4658-a1f1-2d436c2b0a9f
  • msft-kb4515384-1fec8c01-d96f-4692-9c3f-533f1966ba0f
  • msft-kb4515384-afb67aeb-fdea-4890-8a09-28b41988eec6
  • msft-kb4515384-f440901e-4a8a-4ff0-b578-73ab9ec39370
  • msft-kb4516044-4d387cda-6491-4775-9f86-ec445694daf6
  • msft-kb4516044-5743683a-0751-4f47-a0a5-54186af17be5
  • msft-kb4516044-5bd21ff7-dd92-4cb4-a08a-e15994c99cad
  • msft-kb4516058-4d1b0989-a12b-4062-9692-ada2a53833aa
  • msft-kb4516058-aa4b167d-e6b6-4206-aa84-b9c135353b77
  • msft-kb4516058-f2bdd1f1-8f8f-429b-b798-905b82bdf629
  • msft-kb4516066-92c6450f-2320-49f6-8bd9-0b61c9e10976
  • msft-kb4516066-ad42679f-7ae5-4e30-818f-ec14d19718a1
  • msft-kb4516068-117fb78f-b0ad-4ba3-a5aa-8cc9dad2be7d
  • msft-kb4516068-568e1bb0-2cd4-4521-8b07-fc5be5bcb391

References

  • msft-kb4512578-0cd62cca-3a16-480d-a189-e8ea147bb43f
  • msft-kb4512578-43bab29b-faba-4d28-ab68-daae07145e70
  • msft-kb4512578-83d97879-e87b-4658-a1f1-2d436c2b0a9f
  • msft-kb4515384-1fec8c01-d96f-4692-9c3f-533f1966ba0f
  • msft-kb4515384-afb67aeb-fdea-4890-8a09-28b41988eec6
  • msft-kb4515384-f440901e-4a8a-4ff0-b578-73ab9ec39370
  • msft-kb4516044-4d387cda-6491-4775-9f86-ec445694daf6
  • msft-kb4516044-5743683a-0751-4f47-a0a5-54186af17be5
  • msft-kb4516044-5bd21ff7-dd92-4cb4-a08a-e15994c99cad
  • msft-kb4516058-4d1b0989-a12b-4062-9692-ada2a53833aa
  • msft-kb4516058-aa4b167d-e6b6-4206-aa84-b9c135353b77
  • msft-kb4516058-f2bdd1f1-8f8f-429b-b798-905b82bdf629
  • msft-kb4516066-92c6450f-2320-49f6-8bd9-0b61c9e10976
  • msft-kb4516066-ad42679f-7ae5-4e30-818f-ec14d19718a1
  • msft-kb4516068-117fb78f-b0ad-4ba3-a5aa-8cc9dad2be7d
  • msft-kb4516068-568e1bb0-2cd4-4521-8b07-fc5be5bcb391

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;