Primary

Context

Microsoft High Performance Compute Pack Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in Microsoft High Performance Compute Pack (HPC) versions 2019 Update 2 and prior, as well as in HPC Pack 2016. This vulnerability arises from the deserialization of untrusted data, allowing an unauthorized attacker to execute code over the network. Exploitation of this vulnerability does not require user interaction or special privileges.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Remediation

Users of Microsoft HPC Pack 2019 Update 2 should upgrade to HPC Pack 2019 Update 3 (Build 6.3.8328) and then apply the QFE patch (Build 6.3.8352). Users currently on HPC Pack 2016 must migrate to version 2019, as there is no direct update available from 2016 to 2019.

Added: Sep 9, 2025, 5:48 PM

Updated: Sep 9, 2025, 5:48 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.4

remediation

0.0

relevance

0.5

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.4

remediation

0.0

relevance

0.5

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft High Performance Compute Pack Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating