Microsoft Windows Hyper-V Arbitrary Code Execution Vulnerability



A vulnerability in the Hyper-V component of Microsoft Windows could allow a local attacker on a guest system to execute arbitrary code on the host operating system.

The vulnerability is due to insufficient validation of user-supplied input. An attacker on a guest operating system could exploit this vulnerability by executing an application that submits malicious input to a targeted host operating system. A successful exploit could allow the attacker to execute arbitrary code on the host operating system.

Microsoft confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2018-8489

Source:: Cisco Multivendor Vulnerability Alerts