Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

This Hyper-V vulnerability could plague Microsoft users for some time

Image Description

New details have emerged about a critical remote code execution vulnerability in Hyper-V that was discovered by cybersecurity researchers and patched in May 2021.

The vulnerability, tracked as CVE-2021-28476 was reported to Microsoft by Guardicore Labs’ Ophir Harpaz and SafeBreach Labs’ Peleg Hadar, and was assigned a CVSS score of 9.9.

“Hyper-V is Azure’s hypervisor; for this reason, a vulnerability in Hyper-V entails a vulnerability in Azure, and can affect whole regions of the public cloud. Triggering denial of service from an Azure VM would crash major parts of Azure’s infrastructure and take down all virtual machines (VM) that share the same host,” note the researchers in a new joint blog post.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window

The vulnerability was found using an in-house developed fuzzer dubbed hAFL1, which the researchers will detail in next month’s Black Hat USA 2021 conference.

Businesses are slow to patch

The bug originates in Hyper-V's network switch driver named vmswitch, and affects all versions of Windows from Windows 7 upwards, including Windows 10, as well as Windows Server 2008 through to Windows Server 2019. 

The researchers note that the vulnerability was first spotted in August 2019, which suggests to them that the bug might have been in production for over a year before it was discovered and patched.

To exploit the vulnerability, the attacker must have access to a guest VM through which they can send a specially crafted packet to the Hyper-V host to trigger mayhem.

While Microsoft has ensured that the Azure service is safe from this issue, Harpaz told BleepingComputer that it is fairly common for vulnerabilities to remain unpatched for years on machines in enterprise networks.

Date

29 Jul 2021

Sources


Share


Other Blog

  • Black Friday tablet deal: the iPad Mini has a big price cut right now at Amazon

    You can save big on an iPad Mini in the Black Friday tablet deals, as long as you don't need cellular connection.

    Read More
  • Overclocked AMD Radeon RX 6800 XT performance apparently matches the Nvidia RTX 3090

    A screenshot has been revealed of the GPU running with a clock speed of 2.55 GHz.

    Read More
  • Google, Facebook, Amazon mull options for rival to NPCI - We tell you why

    Google, Facebook and Amazon are considering various options to tie up with Indian firms to set up a rival to the National Payments Corporation of India (NPCI) and get a bigger play in the digital payments market in India.

    Read More
  • Lenovo wants to jazz up your old-fashioned meeting rooms

    Lenovo's ThinkSmart Core can be deployed as a full room kit or added to workspaces already equipped with Teams-certified devices.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us