CVE-2022-24490: 
vulnerability analysis and mitigation

Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability (CVE-2022-24490) was disclosed on April 12, 2022. This vulnerability affects Microsoft Windows Server systems, specifically their Hyper-V shared virtual hard disk functionality (Rapid7).

The vulnerability has been assigned a CVSS v2.0 base score of 6.8 (Medium severity), with the following vector: (AV:N/AC:L/Au:S/C:C/I:N/A:N). This indicates that the vulnerability is network-accessible, requires low attack complexity, needs single authentication, and can result in complete confidentiality impact without affecting integrity or availability (Rapid7).

The vulnerability could allow an attacker to obtain sensitive information from the affected systems through the Windows Hyper-V Shared Virtual Hard Disks component. This information disclosure vulnerability could potentially expose confidential data stored within the virtual hard disk systems (MITRE CVE).

Microsoft has released security updates to address this vulnerability. The fixes are available through various KB updates including KB5012596 for Windows Server 2016, KB5012647 for Windows Server 2019, and KB5012604 for Windows Server 2022 (Rapid7).