High severity7.6NVD Advisory· Published May 9, 2018· Updated Jun 17, 2026

CVE-2018-0959

Description

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Affected products

Microsoft/Hyper-Vllm-fuzzy
Microsoft/Windows 10 1909cpe-rescue
Range: Version 1607 for x64-based Systems
Microsoft/Windows Server 2003cpe-rescue
Range: version 1709 (Server Core Installation)
Microsoft/Windows 7cpe-rescue
Range: x64-based Systems Service Pack 1
Microsoft/Windows 8.1cpe-rescue
Range: x64-based systems
Microsoft/Windows Rt 8.1cpe-rescue
Range: Windows RT 8.1
Microsoft/Windows Server 2008cpe-rescue2 versions
x64-based Systems Service Pack 2+ 1 more
- (no CPE)range: x64-based Systems Service Pack 2
- (no CPE)range: x64-based Systems Service Pack 1
Microsoft/Windows Server 2012cpe-rescue2 versions
(Server Core installation)+ 1 more
- (no CPE)range: (Server Core installation)
- (no CPE)range: (Server Core installation)
Microsoft/Windows Server 2016cpe-rescue
Range: (Server Core installation)

Patches

Vulnerability mechanics

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0959nvdPatchVendor Advisory
www.securityfocus.com/bid/104031nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1040843nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.494
epss	0.008
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000