CVE-2021-34450
published 2021-07-16CVE-2021-34450: Windows Hyper-V Remote Code Execution Vulnerability
critical9.9CVSS 3.1
AVNACLPRLUINSCCHIHAH
Windows Hyper-V Remote Code Execution Vulnerability
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.2061 | 10.0.17763.2061 |
| microsoft | windows_10_version_1909 | >= 10.0.0 < 10.0.18363.1679 | 10.0.18363.1679 |
| microsoft | windows_10_version_2004 | >= 10.0.0 < 10.0.19041.1110 | 10.0.19041.1110 |
| microsoft | windows_10_version_21h1 | >= 10.0.0 < 10.0.19043.1110 | 10.0.19043.1110 |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2019 | >= 10.0.0 < 10.0.17763.2061 | 10.0.17763.2061 |
| microsoft | windows_server_version_2004 | >= 10.0.0 < 10.0.19041.1110 | 10.0.19041.1110 |
| microsoft | windows_server_version_20h2 | >= 10.0.0 < 10.0.19042.1110 | 10.0.19042.1110 |
| msrc | windows_10_version_1809_for_x64-based_systems | — | — |
| msrc | windows_10_version_1909_for_x64-based_systems | — | — |
| msrc | windows_10_version_2004_for_x64-based_systems | — | — |
| msrc | windows_10_version_20h2_for_x64-based_systems | — | — |
| msrc | windows_10_version_21h1_for_x64-based_systems | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_version_2004 | — | — |
| msrc | windows_server_version_20h2 | — | — |
GHSA
GHSA-58c9-m4j7-84m4: Windows Hyper-V Remote Code Execution Vulnerability
ghsa_unreviewed·2022-05-24
CVE-2021-34450 [CRITICAL] GHSA-58c9-m4j7-84m4: Windows Hyper-V Remote Code Execution Vulnerability
Windows Hyper-V Remote Code Execution Vulnerability
Microsoft
Windows Hyper-V Remote Code Execution Vulnerability
vendor_msrc·2021-07-13·CVSS 8.5
CVE-2021-34450 [HIGH] Windows Hyper-V Remote Code Execution Vulnerability
Windows Hyper-V Remote Code Execution Vulnerability
FAQ: How would an attacker exploit this vulnerability?
This vulnerability would require an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM which could result in remote code execution on the host server.
Role: Windows Hyper-V: Role: Windows Hyper-V
Microsoft: Microsoft
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5004244
Reference: https://support.microsoft.com/help/5004244
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=
No detection rules found.
No public exploits indexed.
Tenable
Microsoft’s July 2021 Patch Tuesday Includes 116 CVEs (CVE-2021-31979, CVE-2021-33771)
blogs_tenable·2021-07-13·CVSS 7.8
[HIGH] Microsoft’s July 2021 Patch Tuesday Includes 116 CVEs (CVE-2021-31979, CVE-2021-33771)
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Crowdstrike
July 2021 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] July 2021 Patch Tuesday: Updates and Analysis
How CrowdStrike is Accelerating Exposure Evaluation as Adversaries Gain Speed Apr 06, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How CrowdStrike is Accelerating Exposure Evaluation as Adversaries Gain Speed Apr 06, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand AT
Crowdstrike
July 2021 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] July 2021 Patch Tuesday: Updates and Analysis
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VI
2021-07-16
Published