Windows Hyper-V Integer Underflow Vulnerability

MEDIUM (5.3) No Patch (5 days)

Threat Intelligence

Low Risk
EPSS Score: 0.09% chance of exploitation (percentile: 25%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

Windows Hyper-V is Microsoft's virtualization platform for creating and managing virtual machines. The vulnerability is an integer underflow in Windows Hyper-V that allows an authorized attacker to cause a denial of service over a network.

Am I affected?

Specific version information is not stated in the advisory.

Affected Packages

maven: microsoft/windows-server-core
nuget: Microsoft.WindowsServer.Core

Affected Products

Microsoft / Windows Server

How to fix

  1. Apply the latest security updates from Microsoft:
     https://support.microsoft.com/en-us/help/4507472/windows-server-2019-and-windows-server-2022-security-update-july-2023

  2. Immediate mitigations: disable Hyper-V on non-production servers or networks to prevent exploitation.