PT-2018-9169 · Microsoft · Windows 10 Servers+7

Published

2018-04-10

Updated

2020-08-24

CVE-2018-0957

CVSS v3.1

5.3

Medium

Vector

AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Windows Server 2012 R2 Windows RT 8.1 Windows Server 2016 Windows 8.1 Windows 10 Windows 10 Servers

Description: An information disclosure issue exists due to improper input validation from an authenticated user on a guest operating system in Windows Hyper-V. This allows attackers to obtain sensitive information and potentially affect the system.

Recommendations: For Windows Server 2012 R2, update to a version that includes the fix for this issue. For Windows RT 8.1, update to a version that includes the fix for this issue. For Windows Server 2016, update to a version that includes the fix for this issue. For Windows 8.1, update to a version that includes the fix for this issue. For Windows 10, update to a version that includes the fix for this issue. For Windows 10 Servers, update to a version that includes the fix for this issue.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2018-0957

Affected Products

Windows

Windows 10

Windows 10 Servers

Windows 8.1

Windows Hyper-V

Windows Rt 8.1

Windows Server 2012 R2

Windows Server 2016

PT-2018-9169 · Microsoft · Windows 10 Servers+7

CVE-2018-0957

Weakness Enumeration

Related Identifiers

Affected Products

References · 7