High severity8.4NVD Advisory· Published Oct 10, 2018· Updated Jun 17, 2026

CVE-2018-8489

Description

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8490.

Affected products

Microsoft/Hyper-Vllm-fuzzy
Microsoft/Windows 10 1909cpe-rescue
Range: Version 1607 for x64-based Systems
Microsoft/Windows Server 2003cpe-rescue
Range: version 1709 (Server Core Installation)
Microsoft/Windows 7cpe-rescue
Range: x64-based Systems Service Pack 1
Microsoft/Windows 8.1cpe-rescue
Range: x64-based systems
Microsoft/Windows Rt 8.1cpe-rescue
Range: Windows RT 8.1
Microsoft/Windows Server 2008cpe-rescue2 versions
x64-based Systems Service Pack 2+ 1 more
- (no CPE)range: x64-based Systems Service Pack 2
- (no CPE)range: x64-based Systems Service Pack 1
Microsoft/Windows Server 2012cpe-rescue2 versions
(Server Core installation)+ 1 more
- (no CPE)range: (Server Core installation)
- (no CPE)range: (Server Core installation)
Microsoft/Windows Server 2016cpe-rescue
Range: (Server Core installation)
Microsoft/Windows Server 2019cpe-rescue
Range: (Server Core installation)

Patches

Vulnerability mechanics

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8489nvdPatchVendor Advisory
www.securityfocus.com/bid/105479nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1041834nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.546
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000