Remote Code Execution Vulnerability in Hyper-V RemoteFX vGPU

Severity Rating: HIGH
Software Affected 
•Windows Server 2008 R2 for x64-based Systems Service Pack 1  
•Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server
Core installation)
•Windows Server 2012     
•Windows Server 2012 (Server Core installation)    
•Windows Server 2012 R2     
•Windows Server 2012 R2 (Server Core installation)    
•Windows Server 2016    
•Windows Server 2016 (Server Core installation)
Overview 
A vulnerability has been reported in Hyper-V RemoteFX vGPU which could
allow an attacker to conduct remote code execution on the targeted system. 
Description
This vulnerability exists in Hyper-V RemoteFX vGPU due to an error while
validating input from an authenticated user on a guest operating system. A
remote attacker could exploit this vulnerability by running a specially
crafted application, attacking certain third-party video drivers running on
Hyper-V host. 

Successful exploitation of this vulnerability could allow an attacker to
conduct remote code execution on the targeted system. 
Solution
•There is no patch to fix this vulnerability. RemoteFX vGPU has been
deprecated in Windows Server 2019 and users are advised to use Discrete
Device Assignment (DDA) instead of RemoteFX vGPU.
Vendor Information
Microsoft
- -1032
- -1036
- -1040
- -1041
- -1042
- -1043
References
Microsoft
- -1032
- -1036
- -1040
- -1041
- -1042
- -1043
CVE Name
CVE-2020-1032
CVE-2020-1036
CVE-2020-1040
CVE-2020-1041
CVE-2020-1042
CVE-2020-1043

About Cert Advisory

We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.

Related Posts

© Copyright 2020. Designed By Templateify

© Copyright 2020. Ud64

Scroll to Top