CVE-2019-1470
published 2019-12-10CVE-2019-1470: An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a…
medium6CVSS 3.1
AVLACLPRHUINSCCHINAN
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'.
Affected
49 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1903_for_x64-based_systems | — | — |
| microsoft | windows_10_version_1909_for_x64-based_systems | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
Microsoft
Windows Hyper-V Information Disclosure Vulnerability
vendor_msrc·2019-12-10·CVSS 6.0
CVE-2019-1470 [MEDIUM] Windows Hyper-V Information Disclosure Vulnerability
Windows Hyper-V Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information.
An attacker who successfully exploited the vulnerability could gain access to information on the Hyper-V host operating system.
The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.
FAQ: What type of information could be disclosed by this vulnerability?
The type of information that could
GHSA
GHSA-frv3-8pxq-29h4: An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated
ghsa_unreviewed·2022-05-24
CVE-2019-1470 [MEDIUM] GHSA-frv3-8pxq-29h4: An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'.
No detection rules found.
No public exploits indexed.
Trendmicro
December Patch Tuesday: Fixes for components, RDP
blogs_trendmicro·2019-12-11·CVSS 6.1
[MEDIUM] December Patch Tuesday: Fixes for components, RDP
Exploits y vulnerabilidades
## December Patch Tuesday: Fixes for components, RDP
Seven of the 36 fixes for this month's Patch Tuesday were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products: Windows, IE, Office, Hyper-V Server, and SQL Server, among others.
By: Trend Micro Dec 11, 2019 Read time: ( words)
Save to Folio
Microsoft released a total of 36 patches for December’s Patch Tuesday . Decembers tend to have a relatively low number of patches, and the last Patch Tuesday of the 2010s was no different. Seven of the 36 patches were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products, including Windows, Internet Explorer, Office, Hyper-V Server, an
Trendmicro
December Patch Tuesday: Fixes for components, RDP
blogs_trendmicro·2019-12-11·CVSS 6.1
[MEDIUM] December Patch Tuesday: Fixes for components, RDP
Exploits & Vulnerabilities
## December Patch Tuesday: Fixes for components, RDP
Seven of the 36 fixes for this month's Patch Tuesday were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products: Windows, IE, Office, Hyper-V Server, and SQL Server, among others.
By: Trend Micro 2019/12/11 Read time: ( words)
Save to Folio
Microsoft released a total of 36 patches for December’s Patch Tuesday . Decembers tend to have a relatively low number of patches, and the last Patch Tuesday of the 2010s was no different. Seven of the 36 patches were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products, including Windows, Internet Explorer, Office, Hyper-V Server, and S
Trendmicro
December Patch Tuesday: Fixes for components, RDP
blogs_trendmicro·2019-12-11·CVSS 6.1
[MEDIUM] December Patch Tuesday: Fixes for components, RDP
## December Patch Tuesday: Fixes for components, RDP
Seven of the 36 fixes for this month's Patch Tuesday were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products: Windows, IE, Office, Hyper-V Server, and SQL Server, among others.
By: Trend Micro Dec 11, 2019 Read time: ( words)
Save to Folio
Microsoft released a total of 36 patches for December’s Patch Tuesday . Decembers tend to have a relatively low number of patches, and the last Patch Tuesday of the 2010s was no different. Seven of the 36 patches were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products, including Windows, Internet Explorer, Office, Hyper-V Server, and SQL Server. None of the fix
Trendmicro
December Patch Tuesday: Fixes for components, RDP
blogs_trendmicro·2019-12-11·CVSS 6.1
[MEDIUM] December Patch Tuesday: Fixes for components, RDP
Ausnutzung von Schwachstellen
## December Patch Tuesday: Fixes for components, RDP
Seven of the 36 fixes for this month's Patch Tuesday were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products: Windows, IE, Office, Hyper-V Server, and SQL Server, among others.
By: Trend Micro Dec 11, 2019 Read time: ( words)
Save to Folio
Microsoft released a total of 36 patches for December’s Patch Tuesday . Decembers tend to have a relatively low number of patches, and the last Patch Tuesday of the 2010s was no different. Seven of the 36 patches were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products, including Windows, Internet Explorer, Office, Hyper-V Server,
Trendmicro
December Patch Tuesday: Fixes for components, RDP
blogs_trendmicro·2019-12-11·CVSS 6.1
[MEDIUM] December Patch Tuesday: Fixes for components, RDP
Sfruttamento vulnerabilità
## December Patch Tuesday: Fixes for components, RDP
Seven of the 36 fixes for this month's Patch Tuesday were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products: Windows, IE, Office, Hyper-V Server, and SQL Server, among others.
By: Trend Micro Dec 11, 2019 Read time: ( words)
Save to Folio
Microsoft released a total of 36 patches for December’s Patch Tuesday . Decembers tend to have a relatively low number of patches, and the last Patch Tuesday of the 2010s was no different. Seven of the 36 patches were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products, including Windows, Internet Explorer, Office, Hyper-V Server, and
Trendmicro
December Patch Tuesday: Fixes for components, RDP
blogs_trendmicro·2019-12-11·CVSS 6.1
[MEDIUM] December Patch Tuesday: Fixes for components, RDP
Exploits & Vulnerabilities
# December Patch Tuesday: Fixes for components, RDP
Seven of the 36 fixes for this month's Patch Tuesday were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products: Windows, IE, Office, Hyper-V Server, and SQL Server, among others.
By: Trend Micro
2019/12/11
Read time: ( words)
Save to Folio
Microsoft released a total of 36 patches for December’s Patch Tuesday. Decembers tend to have a relatively low number of patches, and the last Patch Tuesday of the 2010s was no different. Seven of the 36 patches were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products, including Windows, Internet Explorer, Office, Hyper-V Server, and SQ
Trendmicro
December Patch Tuesday: Fixes for components, RDP
blogs_trendmicro·2019-12-11·CVSS 6.1
[MEDIUM] December Patch Tuesday: Fixes for components, RDP
# December Patch Tuesday: Fixes for components, RDP
Seven of the 36 fixes for this month's Patch Tuesday were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products: Windows, IE, Office, Hyper-V Server, and SQL Server, among others.
By: Trend Micro
Dec 11, 2019
Read time: ( words)
Save to Folio
Microsoft released a total of 36 patches for December’s Patch Tuesday. Decembers tend to have a relatively low number of patches, and the last Patch Tuesday of the 2010s was no different. Seven of the 36 patches were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products, including Windows, Internet Explorer, Office, Hyper-V Server, and SQL Server. None of the fixe
Trendmicro
December Patch Tuesday: Fixes for components, RDP
blogs_trendmicro·2019-12-11·CVSS 6.1
[MEDIUM] December Patch Tuesday: Fixes for components, RDP
Exploits & Vulnerabilities
## December Patch Tuesday: Fixes for components, RDP
Seven of the 36 fixes for this month's Patch Tuesday were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products: Windows, IE, Office, Hyper-V Server, and SQL Server, among others.
By: Trend Micro Dec 11, 2019 Read time: ( words)
Save to Folio
Microsoft released a total of 36 patches for December’s Patch Tuesday . Decembers tend to have a relatively low number of patches, and the last Patch Tuesday of the 2010s was no different. Seven of the 36 patches were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products, including Windows, Internet Explorer, Office, Hyper-V Server, and
Talos
Microsoft Patch Tuesday — Dec. 2019: Vulnerability disclosures and Snort coverage
blogs_talos·2019-12-10·CVSS 7.8
[HIGH] Microsoft Patch Tuesday — Dec. 2019: Vulnerability disclosures and Snort coverage
## Microsoft Patch Tuesday — Dec. 2019: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 25 vulnerabilities, two of which are considered critical.
This month’s security update covers security issues in a variety of Microsoft services and software, including Remote Desktop Protocol, Hyper-V and multiple Microsoft Office products.
Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For more, check out the Snort blog post here .
## Critical vulnerabilities Microsoft disclosed two critical vulnerabilities this month, both of which we will highlight b
Talos
Microsoft Patch Tuesday — Dec. 2019: Vulnerability disclosures and Snort coverage
blogs_talos·2019-12-10·CVSS 7.8
[HIGH] Microsoft Patch Tuesday — Dec. 2019: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 25 vulnerabilities, two of which are considered critical.
This month’s security update covers security issues in a variety of Microsoft services and software, including Remote Desktop Protocol, Hyper-V and multiple Microsoft Office products.
Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For more, check out the Snort blog post here.
### Critical vulnerabilities Microsoft disclosed two critical vulnerabilities this month, both of which we will highlight below.
CVE-2019-1468 is a remote code execution vulnerability in the Windows font libr
2019-12-10
Published