CVE-2019-0715

5.8 MEDIUM

📋 TL;DR

This vulnerability allows a privileged attacker on a Hyper-V guest virtual machine to crash the host server by sending specially crafted network packets. It affects Microsoft Hyper-V hosts running Windows Server 2012-2019. The attacker must already have administrative access to a guest VM.

💻 Affected Systems

Products:
  • Microsoft Hyper-V Network Switch
Versions: Windows Server 2012, 2012 R2, 2016, 2019; Windows 10 1803, 1809, 1903
Operating Systems: Windows Server, Windows 10
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Hyper-V hosts with virtual switches configured. Requires attacker to have admin privileges on guest VM.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete denial of service causing host server crash, affecting all VMs on that host and potentially disrupting critical services.

🟠 Likely Case: Temporary service disruption requiring host reboot, causing downtime for all VMs on affected host.

🟢 If Mitigated: Minimal impact if proper network segmentation and privilege controls prevent attackers from gaining guest VM admin access.

🌐 Internet-Facing: LOW - Requires privileged access to guest VM, not directly exploitable from internet.
🏢 Internal Only: MEDIUM - Internal attackers with guest VM admin privileges could disrupt virtualization infrastructure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires administrative access to guest VM and knowledge of Hyper-V internals. No public exploit code available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Security updates from May 2019 (KB4499164, KB4499181, etc.)

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0715

Restart Required: Yes

Instructions:

1. Apply May 2019 security updates from Windows Update.
2. For Windows Server, use Windows Server Update Services.
3. Restart affected Hyper-V hosts after patching.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate guest VMs from each other and restrict network access to minimize attack surface

Privilege Reduction

all

Minimize administrative access to guest VMs and implement least privilege principles

🧯 If You Can't Patch

  • Implement strict access controls to prevent unauthorized administrative access to guest VMs
  • Monitor Hyper-V host stability and implement redundancy for critical VMs

🔍 How to Verify

Check if Vulnerable:

Check the Windows version and whether the May 2019 security updates are installed; a host without them is vulnerable.

Check Version:

wmic os get caption,version,buildnumber

Verify Fix Applied:

Verify May 2019 security updates (KB4499164, KB4499181, etc.) are installed via Windows Update history

📡 Detection & Monitoring

Log Indicators:

  • Hyper-V host crashes or unexpected reboots
  • Event ID 41 (Kernel-Power) with bugcheck code

Network Indicators:

  • Unusual network traffic patterns from guest VMs to Hyper-V virtual switch

SIEM Query:

EventID=41 AND Source="Microsoft-Windows-Kernel-Power" AND Description contains "HYPERVISOR_ERROR"
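
The log indicator above can also be checked directly on a Hyper-V host. The PowerShell below is an added example, not part of the advisory or of Microsoft's guidance; it assumes an elevated session, a 30-day look-back (`$Days`, a hypothetical setting), and that the HYPERVISOR_ERROR name in the SIEM query corresponds to bugcheck code 0x00020001.

```powershell
# Added example, not from the advisory: run in an elevated PowerShell session on the Hyper-V host.
# Finds Kernel-Power event 41 records whose EventData holds a non-zero BugcheckCode,
# i.e. reboots that followed a bugcheck rather than a power loss or hard reset.

$Days = 30   # assumption: look-back window; match it to your log retention

$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Kernel-Power'
    Id           = 41
    StartTime    = (Get-Date).AddDays(-$Days)
}

# Name used in the SIEM query above; any other code is reported as hex only.
$knownCodes = @{ '0x00020001' = 'HYPERVISOR_ERROR' }

# Get-WinEvent raises an error when nothing matches, so suppress it and treat as empty.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

$crashes = foreach ($e in $events) {
    # Flatten <EventData><Data Name="...">value</Data> into a lookup table.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }

    $code = [uint32]$data['BugcheckCode']   # numeric text in the event; missing -> 0
    if ($code -eq 0) { continue }           # 0 means no bugcheck was recorded

    $hex  = '0x{0:X8}' -f $code
    $name = $knownCodes[$hex]
    if (-not $name) { $name = '(look up in bugcheck reference)' }

    [pscustomobject]@{
        TimeCreated  = $e.TimeCreated
        Computer     = $e.MachineName
        BugcheckHex  = $hex
        BugcheckName = $name
        Parameter1   = $data['BugcheckParameter1']
    }
}

if ($crashes) {
    $crashes | Sort-Object TimeCreated | Format-Table -AutoSize
} else {
    "No bugcheck-related event 41 records in the last $Days days."
}
```

A hit only shows that the host rebooted after a bugcheck; correlate the timestamp with guest activity and patch state before attributing it to this CVE.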
