Microsoft doesn’t lift its head when it comes to security. Of course, 2021 is not being the best year for the company in this regard. In case we had little with the bugs that Microsoft has been solving month by month (some of them very serious, such as printers), now a new and very dangerous security flaw in Hyper-V has just appeared that allows anyone remotely lock PCs or run code on them. A failure that, of course, is going to give a lot to talk about.
Hyper-V is Microsoft’s hypervisor thanks to which it is possible to create virtual machines in the operating system (and within the Azure platform) without the need to resort to, for example, VirtualBox . This hypervisor is also responsible for the functioning of platforms, such as Docker , and even for some functions of the operating system, such as the Windows subsystem for Linux, WSL, to function equally without problems.
The ruling is not new, but has been released now
A few hours ago a new security flaw was released, registered with the code CVE-2021-28476 . This security flaw has received a dangerousness score of 9.9 out of 10 , and can have a devastating impact on computers that are not updated since it can allow from denial of service (that is, lock the PC and make it unusable) to Remote code execution on any Windows 10 PC or Windows Server.
The security flaw is found specifically within the vmswitch.sys driver , and affects all versions of Windows 10, and Windows Server from 2012 to 2019. The vulnerability in question is that the Hyper-V virtual switch does not validates the identifiers of the objects. In this way, an attacker who had access to a virtual machine created within a Windows 10 or Windows Server system could send a packet to this driver and communicate directly with the host system (the main PC), managing to block the entire server or obtaining full control over it and all other virtual machines.
How to protect Windows from this flaw in Hyper-V
Luckily, this security flaw is not zero-day. The security researchers who discovered it reported it last May to Microsoft, who quietly fixed it with its security patches. However, the details of the vulnerability have now come to light, explaining to everyone why this flaw and why it can be exploited.
The Azure platform was already patched by Microsoft some time ago, so it does not pose a danger. And, users and companies who have their Windows updated with the latest security patches are not in danger either. The problem is that there are many PCs, especially from companies, that do not install the new patches. We have already seen massacres with ransomware such as WannaCry or NotPetya in the past, and we have not learned anything. Therefore, security researchers believe that this security flaw can be with us for a long time, and give a lot to talk about.
If we do not use Microsoft virtualization we can also disable Hyper-V so that our PC is not in danger.