Microsoft has released the second ever (since the release of Windows Server 2008!) security fix for Hyper-V.
“This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to send specially crafted content from a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users”.
In other words, you have to be logged into a VM running on the host (be a legit internal user) and have sufficient rights in the VM’s operating system to craft this packet.
The issue affects Windows Server 2008 and Windows Server 2008 R2.
This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.
No related posts.