CVE-2018-0964 — Sensitive Information Exposure in Microsoft Windows 10

4 documents4 sources

Severity

6.1MEDIUMNVD

CNA5.3

EPSS

1.6%

top 18.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Microsoft Windows 10 Servers Microsoft Windows Server 2016

Timeline

PublishedApr 12

Latest updateMay 13

Description

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0957.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:NExploitability: 0.8 | Impact: 4.7

Affected Packages4 packages

▶CVEListV5microsoft/windows_10_serversversion 1709 (Server Core Installation)

▶NVDmicrosoft/windows1709

▶CVEListV5microsoft/windows_10Version 1703 for x64-based Systems, Version 1709 for x64-based Systems+1

▶NVDmicrosoft/windows_101703, 1709+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-f533-qcqf-c873: An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated↗2022-05-13

▶

CVEList

CVE-2018-0964: An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated↗2018-04-12

▶

📋Vendor Advisories

Microsoft

Windows Hyper-V Information Disclosure Vulnerability↗2018-04-10

▶