CVE-2020-16891: Windows Hyper-V Remote Code Execution Vulnerability

Overview

Severity

High (CVSS 8.8)

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

Category

Remote Code Execution

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2020-Oct

Released

2020-10-13

EPSS Score

0.40% (percentile: 60.8%)

Description

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.

Affected Products (25)

Other

• 11768
• 11769
• 11498
• 11569
• 11571
• 11572
• 11713
• 11715
• 11454
• 11645
• 11647
• 10735
• 10853
• 10816
• 10855
• 10048
• 10482
• 9318
• 9344
• 10051
• 10049
• 10378
• 10379
• 10483
• 10543

Security Updates (15)

• 4579311
• 4580330
• 4577668
• 4577671
• 4580328
• 4580327
• 4580346
• 4580345
• 4580387
• 4580347
• 4580358
• 4580378
• 4580385
• 4580382
• 4580353

Acknowledgments

HongZhenhao of IceSword Lab

Revision History

• 2020-10-13: Information published.