CVE-2019-0719
published 2019-11-12CVE-2019-0719: A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user…
PriorityP355critical9.1CVSS 3.1
AVNACLPRHUINSCCHIHAH
EPSS
10.68%
95.3th percentile
A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0721.
Affected
32 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1903_for_x64-based_systems | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1709 | — | — |
| msrc | windows_10_version_1803 | — | — |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_1903 | — | — |
| msrc | windows_7 | — | — |
| msrc | windows_8.1 | — | — |
| msrc | windows_server_2008 | — | — |
CVSS provenance
nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
vendor_msrc8.0HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-c9x8-4v35-37qf: A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticat
ghsa_unreviewed·2022-05-24·CVSS 9.1
CVE-2019-0719 [CRITICAL] GHSA-c9x8-4v35-37qf: A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticat
A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0721.
GHSA
GHSA-wgjq-j646-4ghv: A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticat
ghsa_unreviewed·2022-05-24·CVSS 9.1
CVE-2019-0721 [CRITICAL] GHSA-wgjq-j646-4ghv: A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticat
A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0719.
Microsoft
Hyper-V Remote Code Execution Vulnerability
vendor_msrc·2019-11-12·CVSS 8.0
CVE-2019-0719 [CRITICAL] Hyper-V Remote Code Execution Vulnerability
Hyper-V Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.
An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.
The security update addresses the vulnerability by correcting how Windows Hyper-V Network Switch validates guest operating system network traffic.
Windows Hyper-V: Windows Hyper-V
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:N
No detection rules found.
Talos
Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage
blogs_talos·2019-08-13·CVSS 9.1
[CRITICAL] Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 97 vulnerabilities, 31 of which are rated “critical," 65 that are considered "important" and one "moderate."
This month’s security update covers security issues in a variety of Microsoft services and software, including certain graphics components, Outlook and the Chakra Scripting Engine. For more on our coverage of these bugs, check out our Snort advisories here, covering all of the new rules we have for this release.
### Critical vulnerabilities Microsoft disclosed 31 critical vulnerabilities this month, three of which we will highlight below.
CVE-2019-1181 and CVE-2019-1182 are both remote code execution vulnerabilities in Remote De
Talos
Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage
blogs_talos·2019-08-13·CVSS 9.8
[CRITICAL] Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage
## Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 97 vulnerabilities, 31 of which are rated “critical," 65 that are considered "important" and one "moderate."
This month’s security update covers security issues in a variety of Microsoft services and software, including certain graphics components, Outlook and the Chakra Scripting Engine. For more on our coverage of these bugs, check out our Snort advisories here , covering all of the new rules we have for this release.
## Critical vulnerabilities Microsoft disclosed 31 critical vulnerabilities this month, three of which we will highlight below.
CVE-2
2019-11-12
Published