CVE-2020-0910: 
vulnerability analysis and mitigation

A remote code execution vulnerability identified as CVE-2020-0910 was discovered in Windows Hyper-V. The vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. This vulnerability was disclosed on April 14, 2020, and affects Windows 10 and Windows Server 2019 systems running Hyper-V (NVD, Rapid7).

The vulnerability has been assigned a CVSS score of 8.0, indicating a high severity level. The attack vector is adjacent network (AV:A), with low attack complexity (AC:L), requiring single authentication (Au:S), and potentially resulting in complete compromise of confidentiality, integrity, and availability (C:C/I:C/A:C) (Rapid7).

If successfully exploited, this vulnerability could allow an authenticated attacker on a guest operating system to execute arbitrary code on the host server through Windows Hyper-V, potentially leading to complete system compromise (NVD).

Microsoft has released security updates to address this vulnerability. The fixes are available through KB4549949 for Windows 10 version 1809 and Windows Server 2019, and KB4549951 for Windows 10 versions 1903 and 1909 (Rapid7).