CVE-2024-30010
Published 2024-05-14
CVE-2024-30010: Windows Hyper-V Remote Code Execution Vulnerability
Priority: P260 · high · 8.8 · CVSS 3.1
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 2.32% (81.3th percentile)
Windows Hyper-V Remote Code Execution Vulnerability
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.24868 | 6.2.9200.24868 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.21972 | 6.3.9600.21972 |
| microsoft | windows_server_2016 | < 10.0.14393.6981 | 10.0.14393.6981 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.6981 | 10.0.14393.6981 |
| microsoft | windows_server_2019 | < 10.0.17763.5820 | 10.0.17763.5820 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.5820 | 10.0.17763.5820 |
| microsoft | windows_server_2022 | < 10.0.20348.2461 | 10.0.20348.2461 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.2461 | 10.0.20348.2461 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.887 | 10.0.25398.887 |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_2022 | — | — |
| msrc | windows_server_2022_23h2_edition | — | — |
Detection & IOCs (extracted from sources)
- Attacker sends malformed packets to Hyper-V Replica endpoints on the host from a remote machine; monitor for anomalous or malformed network traffic targeting Hyper-V Replica ports/services
- Exploitation requires authenticated (low-privilege) access; monitor for unexpected authenticated remote connections to Hyper-V Replica endpoints
- Exploitation is assessed as 'Less Likely' by Microsoft and has not been publicly disclosed or observed in the wild at time of publication
CVSS provenance
- nvd · v3.1 · 8.8 · HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- vendor_msrc · 8.8 · HIGH
Microsoft
Windows Hyper-V Remote Code Execution Vulnerability
vendor_msrc·2024-05-14·CVSS 8.8
CVE-2024-30010 [HIGH] CWE-23 Windows Hyper-V Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
The attacker must be authenticated to be able to exploit this vulnerability.
FAQ: How would an attacker exploit this vulnerability?
An attacker who successfully exploited this vulnerability could send malformed packets to Hyper-V Replica endpoints on the host from a remote machine.
Windows Hyper-V: Windows Hyper-V
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; DOS: N/A
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5037765
Reference: https://support.microsoft.com
GHSA
GHSA-w974-55hm-qp53: Windows Hyper-V Remote Code Execution Vulnerability
ghsa_unreviewed·2024-05-14
CVE-2024-30010 [HIGH] CWE-23 GHSA-w974-55hm-qp53: Windows Hyper-V Remote Code Execution Vulnerability
No detection rules found.
No public exploits indexed.
Trendmicro
The May 2024 Security Update Review
blogs_trendmicro·2024-05-14·CVSS 7.8
[HIGH] The May 2024 Security Update Review
# The May 2024 Security Update Review
Get the May 2024 security update and review.
By: Dustin Childs
2024/05/14
Welcome to the second Tuesday of May. As expected, Adobe and Microsoft have released their standard bunch of security patches. Take a break from your regular activities and join us as we review the details of their latest advisories. If you’d rather watch the full video recap covering the entire release, you can check it out here:
Apple Patches for May 2024
Apple kicked off the May release cycle with a group of updates for their macOS and iOS platforms. Most notable is a fix for CVE-2024-23296 for iOS 16.7.8 and iPadOS 16.7.8. This vulnerability is a memory corruption issue in RTKit that could allow attackers to bypass kernel memory protec
Bleepingcomputer
Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws
blogs_bleepingcomputer·2024-05-14·CVSS 8.8
[HIGH] Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws
## Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws
By: Lawrence Abrams
- 17 Elevation of Privilege Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 27 Remote Code Execution Vulnerabilities
- 7 Information Disclosure Vulnerabilities
- 3 Denial of Service Vulnerabilities
- 4 Spoofing Vulnerabilities
The total count of 61 flaws does not include 2 Microsoft Edge flaws fixed on May 2nd and four fixed on May 10th.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5037771 cumulative update and the Windows 10 KB5037768 update.
## Three zero-days fixed
This month's Patch Tuesday fixes two actively exploited and one publicly disclosed zero-day vulnerabilities.
Microsoft classifies a zero-day as a flaw
Published: 2024-05-14