CVE-2020-1041Improper Input Validation in Microsoft Windows Server

CWE-20Improper Input Validation24 documents7 sources
Severity
9.0CRITICALNVD
EPSS
0.6%
top 30.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Microsoft Windows ServerMicrosoft Windows Server 2008Microsoft Windows Server 2012
Timeline
PublishedJul 14
Latest updateMay 24

Description

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1042, CVE-2020-1043.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages2 packages

CVEListV5microsoft/windows_server8 versions+7

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

12
GHSA
GHSA-cwh6-w644-6v8q: A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user o2022-05-24
GHSA
GHSA-6jw7-r2qx-ffpf: A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user o2022-05-24
GHSA
GHSA-98qh-xxww-5r96: A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user o2022-05-24
GHSA
GHSA-8f34-ccvf-c6jf: A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user o2022-05-24
GHSA
GHSA-j92j-5hg7-f7hx: A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user o2022-05-24

📋Vendor Advisories

1
Microsoft
Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability2020-07-14

🕵️Threat Intelligence

5
Talos
Vulnerability Spotlight: Multiple vulnerabilities in RemoteFX affects, AMD, Intel chips2020-07-14
Tenable
Microsoft’s July 2020 Patch Tuesday Addresses 123 CVEs Including Wormable Windows DNS Server RCE (CVE-2020-1350) (SIGRed)2020-07-14
Talos
Vulnerability Spotlight: Multiple vulnerabilities in RemoteFX affects, AMD, Intel chips2020-07-14
Qualys
July 2020 Patch Tuesday – 123 Vulnerabilities, 18 Critical, Hyper-V RemoteFX, DNS Server, Workstation, Adobe | Qualys2020-07-14
Qualys
July 2020 Patch Tuesday – 123 Vulnerabilities, 18 Critical, Hyper-V RemoteFX, DNS Server, Workstation, Adobe2020-07-14
CVE-2020-1041 — Improper Input Validation in Microsoft | cvebase