CVE-2020-0917: Windows Hyper-V Elevation of Privilege Vulnerability
Overview
- Severity
- High (CVSS 8.4)
- CVSS Vector
- CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
- Category
- Elevation of Privilege
- Exploit Status
- Not Exploited
- Exploitation Likelihood
- Less Likely
- Patch Tuesday
- 2020-Apr
- Released
- 2020-04-14
- EPSS Score
- 1.21% (percentile: 79.0%)
Description
An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system.
This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running.
The update addresses the vulnerabilities by correcting how Windows Hyper-V handles objects in memory.
Affected Products (7)
Windows
- Windows 10 Version 1809 for x64-based Systems
- Windows Server 2019
- Windows Server 2019 (Server Core installation)
- Windows 10 Version 1909 for x64-based Systems
- Windows Server, version 1909 (Server Core installation)
- Windows 10 Version 1903 for x64-based Systems
- Windows Server, version 1903 (Server Core installation)
Security Updates (2)
Acknowledgments
Daniel King (<a href="https://twitter.com/long123king">@long123king</a>), MSRC Microsoft
Revision History
- 2020-04-14: Information published.