CVE-2020-0904

6.5 MEDIUM

📋 TL;DR

A denial of service vulnerability in Microsoft Hyper-V allows an attacker with privileged access on a guest virtual machine to crash the host server by sending malicious data. This affects organizations running Hyper-V virtualization with untrusted or compromised guest VMs. The vulnerability requires an attacker to already have elevated privileges within a guest VM.

💻 Affected Systems

Products:
  • Microsoft Hyper-V
Versions: Multiple Windows Server versions with Hyper-V enabled
Operating Systems: Windows Server 2012, 2012 R2, 2016, 2019, Windows 10
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Hyper-V role enabled and running guest virtual machines. The attacker must have administrative privileges on a guest VM.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete host server crash leading to denial of service for all virtual machines running on that host, potentially causing business disruption and data loss.

🟠 Likely Case

Host server instability or crash affecting multiple VMs, requiring manual intervention and downtime to restore services.

🟢 If Mitigated

Minimal impact if guest VMs are properly secured and monitored, with rapid detection and isolation of compromised VMs.

🌐 Internet-Facing: LOW - This vulnerability requires access to a guest VM, not direct internet exposure of the Hyper-V host.
🏢 Internal Only: HIGH - Attackers with compromised guest VM access can exploit this from within the network to disrupt critical virtualization infrastructure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires attacker to already have administrative access to a guest VM and knowledge of the vulnerability to craft malicious requests.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: March 2020 security updates for affected Windows versions

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0904

Restart Required: Yes

Instructions:

1. Apply March 2020 security updates from Windows Update.
2. For Windows Server, use Windows Server Update Services (WSUS).
3. Restart affected Hyper-V hosts after patching.

🔧 Temporary Workarounds

Isolate guest VMs

all

Segment guest VMs into separate virtual networks and limit communication between VMs to reduce attack surface.

Restrict guest VM privileges

all

Implement least privilege access controls on guest VMs to prevent attackers from gaining administrative access needed for exploitation.

🧯 If You Can't Patch

  • Implement strict access controls and monitoring on guest VMs to detect and prevent privilege escalation
  • Isolate critical Hyper-V hosts from general network access and implement network segmentation

🔍 How to Verify

Check if Vulnerable:

Check whether the Hyper-V role is enabled and whether the installed Windows build predates the March 2020 updates. Use: Get-WindowsFeature -Name Hyper-V

Check Version:

wmic os get Caption,Version,BuildNumber

Verify Fix Applied:

Verify Windows Update history shows March 2020 security updates installed and Hyper-V service is running normally.

📡 Detection & Monitoring

Log Indicators:

  • Hyper-V host crashes or unexpected restarts
  • Event ID 41 in Windows System logs (unexpected shutdown)
  • Increased Hyper-V error events

Network Indicators:

  • Unusual traffic patterns from guest VMs to Hyper-V host management interfaces

SIEM Query:

EventID=41 AND Source="Microsoft-Windows-Kernel-Power" AND ComputerName contains "HYPERV"
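A host-side version of the verification and detection checks above, as an added example that is not from the original page or from Microsoft. The function name, the 30-day window and the use of the BugcheckCode field in Event 41 to separate recorded stop codes from plain power loss are assumptions of this example.

```powershell
# Added example: triage Kernel-Power 41 events on a Hyper-V host.
# Run from an elevated PowerShell session on the host.
function Get-HyperVCrashTriage {
    param([int]$Days = 30)   # look-back window, an assumed default

    # Get-WindowsFeature exists on Windows Server only; Windows 10 exposes
    # the role through Get-WindowsOptionalFeature instead.
    if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
        $hyperV = (Get-WindowsFeature -Name Hyper-V).Installed
    } else {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V
        $hyperV  = $feature.State -eq 'Enabled'
    }

    # Same condition as the SIEM query, evaluated against the local System log.
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-Kernel-Power'
        Id           = 41
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

    $restarts = foreach ($e in $events) {
        # Event 41 carries a BugcheckCode field: non-zero means the kernel
        # recorded a stop code, zero means none was recorded (power loss,
        # hard reset, or a crash that could not be written out).
        $data = ([xml]$e.ToXml()).Event.EventData.Data
        $code = [uint32]($data | Where-Object { $_.Name -eq 'BugcheckCode' }).'#text'
        [pscustomobject]@{
            Time         = $e.TimeCreated
            BugcheckCode = '0x{0:X}' -f $code
            StopCodeSeen = $code -ne 0
        }
    }

    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        HyperVEnabled      = $hyperV
        UnexpectedRestarts = @($restarts)
        # Most recent updates, to compare against the March 2020 fix.
        RecentUpdates      = Get-HotFix | Sort-Object InstalledOn -Descending |
                             Select-Object -First 5 HotFixID, InstalledOn
    }
}

Get-HyperVCrashTriage
```

Event 41 also fires for ordinary power failures, so repeated entries with StopCodeSeen set on a host that runs untrusted guests are the ones worth correlating with guest activity.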
