High severity7.6NVD Advisory· Published May 9, 2018· Updated Jun 17, 2026

CVE-2018-0961

Description

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate vSMB packet data, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

Affected products

Microsoft/Hyper-Vllm-fuzzy
Microsoft/Windows 10 1909cpe-rescue
Range: Version 1607 for x64-based Systems
Microsoft/Windows Server 2003cpe-rescue
Range: version 1709 (Server Core Installation)
Microsoft/Windows Server 2016cpe-rescue
Range: (Server Core installation)

Patches

Vulnerability mechanics

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0961nvdPatchVendor Advisory
www.securityfocus.com/bid/104032nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1040843nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.494
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000