Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2019-1470: Windows Hyper-V Information Disclosure Vulnerability

Back to Search

Microsoft CVE-2019-1470: Windows Hyper-V Information Disclosure Vulnerability

Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
12/10/2019
Created
12/11/2019
Added
12/10/2019
Modified
11/10/2020

Description

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. An attacker who successfully exploited the vulnerability could gain access to information on the Hyper-V host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.

Solution(s)

  • msft-kb4530681-0c00c48e-429c-44ad-bb20-a002317d7ef2
  • msft-kb4530681-cab09647-3de1-4fa5-86ff-43f42248da5b
  • msft-kb4530684-23df10e6-4bbe-4879-b964-a764873d48f4
  • msft-kb4530684-56f74c2f-f41b-4484-8172-6a136360031b
  • msft-kb4530684-5db85b37-63ff-4e38-b386-0e49dee65613
  • msft-kb4530684-917e2475-9fba-411d-9308-1a21925a9e6c
  • msft-kb4530684-af0c14d2-ca3c-4734-b7df-fb681347db92
  • msft-kb4530684-f82cd7d6-31bf-445d-9eb0-580f5caf4345
  • msft-kb4530689-4a482324-88ce-4271-9777-d63e0afbd360
  • msft-kb4530689-74d36f3f-fa38-4304-a739-ae07c7d3480c
  • msft-kb4530689-acded10d-a3f9-4c4f-ac7a-f410b38098f9
  • msft-kb4530692-43dfa206-3c9d-449d-bcb8-c667f99be817
  • msft-kb4530692-47d8e252-ac6d-4d07-ba30-3789160c200b
  • msft-kb4530692-9714c8b1-3b21-484e-9849-9c1e471537b6
  • msft-kb4530692-cf411479-9655-47df-bfa3-62b6deab32b8
  • msft-kb4530692-d191ebc8-0d63-43ce-b908-f92f1fd27310
  • msft-kb4530692-ee1100b1-b2ab-4248-a77f-5d273d279545
  • msft-kb4530698-4356072d-70cf-414d-bdb4-86aea3573cd6
  • msft-kb4530698-44e206f2-1c55-40c0-a3ce-08c5fc121314
  • msft-kb4530698-a5a266c2-dd84-4b48-8b38-573ab428444b
  • msft-kb4530714-37a011b3-c721-4d33-99c2-5d29f2f2f7b7
  • msft-kb4530714-d502a0ca-5d93-40ef-9498-af2adefe51fc
  • msft-kb4530715-5727ed9e-913c-486d-bb4e-d009291f655a
  • msft-kb4530715-76364aa0-71b3-458b-8b51-debf75b3f26d
  • msft-kb4530715-8422f4e2-efbf-4717-8667-3fb7c444943c
  • msft-kb4530717-7ed36733-5a55-4c21-8cbd-2481443e6ed9
  • msft-kb4530717-e497e961-edce-4a33-826b-71d43731218d
  • msft-kb4530717-e5ef643d-05f6-41a4-991a-8380ec8ddaa2
  • msft-kb4530719-4b41c5d5-e946-4ff0-959e-3091dfaaeb07
  • msft-kb4530719-990a741a-b9cf-4334-b749-fd3d2e598a1d
  • msft-kb4530719-a4ac97fc-fe65-4b2d-9ea0-fc14c543e7a9
  • msft-kb4530730-21a243ba-4a7f-4ced-b416-fc7b13fd9bb4
  • msft-kb4530730-26757e13-8369-4e19-813d-bf1e73370c55
  • msft-kb4530730-41322212-5351-4586-b7bf-09231644bcd9

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;