Many organizations likely haven’t patched against this critical Hyper-V issue

A critical vulnerability in Hyper-V’s virtual network switch driver is likely unpatched by many organizations.

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

What you need to know

What you need to know

A critical vulnerability in Hyper-V’s virtual network was discovered by Guardicore Labs and SafeBreach Labs. If exploited, an attacker can “take down whole regions of the cloud,” according toGuardicore.

The vulnerability affects Windows 10 as well as Windows Server 2021 through 2019. SafeBreach’s Peleg Hadar and Gardicore’s Opher Harpaz discovered the fault and will discuss it at theBlack Hat security conferencein August 2021. The researchers have already privately disclosed the vulnerability to Microsoft.

As explained byBleepingComputer, the vulnerability can be used to terminate all virtual machines running on a Hyper-V host. An attacker could also gain control of a host and all virtual machines attached to it. To exploit the vulnerability, an attacker needs to have access to a guest virtual machine.

First appearing in August 2019, the vulnerability was given a 9.9/10 critical severity score by Microsoft. The vulnerability was labeledCVE-2021-28476by Microsoft.

The issue is quite technical, but Harpaz and Hadar explain its risks in layman’s terms:

What made this vulnerability so lethal is the combination of a hypervisor bug – an arbitrary pointer dereference – with a design flaw allowing a too-permissive communication channel between the guest and the host.Vulnerabilities like CVE-2021-28476 demonstrate the risks that a shared resource model (e.g. a public cloud) brings. Indeed, in cases of shared infrastructures, even simple bugs can lead to devastating results like denial of service and remote code execution.

Microsoft released a patch for this vulnerability in May 2021, but Harpaz told BleepingComputer that some vulnerabilities remain unpatched for years.

“There are so many Windows Servers today that are vulnerable to well-known bugs, I won’t be surprised if this bug stays unpatched for a very long time in organizations,” said Harpaz.

Get the Windows Central Newsletter

Get the Windows Central Newsletter

All the latest news, reviews, and guides for Windows and Xbox diehards.

Sean Endicott is a tech journalist at Windows Central, specializing in Windows, Microsoft software, AI, and PCs. He’s covered major launches, from Windows 10 and 11 to the rise of AI tools like ChatGPT. Sean’s journey began with the Lumia 740, leading to strong ties with app developers. Outside writing, he coaches American football, utilizing Microsoft services to manage his team. He studied broadcast journalism at Nottingham Trent University and is active on X @SeanEndicott_ and Threads @sean_endicott_.