Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2024-30092: Windows Hyper-V Remote Code Execution Vulnerability

Under what circumstances might this vulnerability be exploited other than as a denial of service attack against a Hyper-V host?

This issue allows a guest VM to force the Hyper-V host’s kernel to read from an arbitrary, potentially invalid address. The contents of the address read would not be returned to the guest VM. In most circumstances, this would result in a denial of service of the Hyper-V host (bugcheck) due to reading an unmapped address. It is possible to read from a memory mapped device register corresponding to a hardware device attached to the Hyper-V host which may trigger additional, hardware device specific side effects that could compromise the Hyper-V host’s security.

Microsoft Security Response Center
#vulnerability#windows#dos#rce#Windows Hyper-V#Security Vulnerability

Microsoft Security Response Center: Latest News

CVE-2024-11395: Chromium: CVE-2024-11395 Type Confusion in V8