Microsoft does not lift its head when it comes to security. Of course, 2021 is not being the best year for the company in this regard. In case we had little with the bugs that Microsoft has been solving month by month (some of them very serious, such as printers), now a new and very dangerous security flaw has just appeared in Hyper-V that allows anyone remotely lock PCs or run code in them. A failure that, of course, will give a lot to talk about.
Hyper-V is Microsoft’s hypervisor thanks to which it is possible to create virtual machines in the operating system (and within the Azure platform) without the need to resort to, for example, VirtualBox. This hypervisor is also responsible for the functioning of platforms, such as Docker, and even that some functions of the operating system, such as the Windows subsystem for Linux, WSL, work equally without problems.
The ruling is not new, but has been released now
A few hours ago a new security flaw was made known, registered with the code CVE-2021-28476. This security flaw has received a dangerous score of 9.9 points out of 10, and it can have a devastating impact on computers that are not up to date since it can allow anything from denial of service (that is, locking the PC and rendering it unusable) to remote code execution on any Windows 10 PC or Windows server Server.
The security breach is specifically within the driver vmswitch.sys, and affects all versions of Windows 10, and Windows Server from 2012 to 2019. The vulnerability in question is that the Hyper-V virtual switch does not validate the identifiers of the objects. In this way, an attacker who had access to a virtual machine created within a Windows 10 or Windows Server system it could send a packet to this driver and communicate directly with the host system (the main PC), managing to block the entire server or gaining full control over it and all other virtual machines.
How to protect Windows from this flaw in Hyper-V
Luckily, this security flaw is not zero-day. The security researchers who discovered it reported it last May to Microsoft, who quietly fixed it with its security patches. However, the details of the vulnerability have now come to light, explaining to everyone why this flaw and why it can be exploited.
The Azure platform was already patched by Microsoft some time ago, so it does not pose a danger. And, users and companies that have their Windows updated with the latest patches security are not in danger either. The problem is that there are many PCs, especially from companies, that do not install the new patches. We have already seen in the past massacres with ransomware like WannaCry or NotPetya, and we haven’t learned anything. Therefore, security researchers believe that this security flaw can be with us for a long time, and give a lot to talk about.
If we do not use Microsoft’s virtualization, we can also disable Hyper-V so that our PC is not in danger.