Medium severity5.4NVD Advisory· Published Sep 13, 2018· Updated Jun 17, 2026

CVE-2018-8434

Description

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Affected products

Microsoft/Hyper-Vllm-fuzzy
Microsoft/Windows 10 1909cpe-rescue
Range: Version 1607 for x64-based Systems
Microsoft/Windows Server 2003cpe-rescue
Range: version 1709 (Server Core Installation)
Microsoft/Windows 7cpe-rescue
Range: x64-based Systems Service Pack 1
Microsoft/Windows 8.1cpe-rescue
Range: x64-based systems
Microsoft/Windows Rt 8.1cpe-rescue
Range: Windows RT 8.1
Microsoft/Windows Server 2008cpe-rescue2 versions
x64-based Systems Service Pack 2+ 1 more
- (no CPE)range: x64-based Systems Service Pack 2
- (no CPE)range: x64-based Systems Service Pack 1
Microsoft/Windows Server 2012cpe-rescue2 versions
(Server Core installation)+ 1 more
- (no CPE)range: (Server Core installation)
- (no CPE)range: (Server Core installation)
Microsoft/Windows Server 2016cpe-rescue
Range: (Server Core installation)

Patches

Vulnerability mechanics

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8434nvdPatchVendor Advisory
www.securityfocus.com/bid/105239nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1041624nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.351
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000