Critical Microsoft Hyper-V bug could haunt orgs for a long time


Technical details are now available for a vulnerability that affects Hyper-V, Microsoft's native hypervisor for creating virtual machines on Windows systems and in the Azure cloud computing environment.

Currently tracked as CVE-2021-28476, the security issue has a critical severity score of 9.9 out of 10. Exploiting it on unpatched machines can have a devastating impact, as it allows an attacker to crash the host (denial of service) or execute arbitrary code on it.

Terminate VMs or take full control

The bug is in Hyper-V's network switch driver (vmswitch.sys) and affects Windows 10 and Windows Server 2012 through 2019. It emerged in a build from August 2019 and received a patch earlier this year in May.

Public details about the flaw are scarce at the moment, but in a blog post today, researchers Peleg Hadar of SafeBreach and Ophir Harpaz of Guardicore explain where the fault is and why it is exploitable. The two researchers found the bug together and disclosed it privately to Microsoft.

While the Azure service is safe from this issue, some local Hyper-V deployments are likely still vulnerable, as not all admins update Windows machines when patches come out.