2013
12.02

In November, Microsoft released the MS13-092 (aka CVE-2013-3898) security fix for Windows Server 2012 Hyper-V and Windows 8 Client Hyper-V. 

An attacker who successfully exploited this vulnerability could execute arbitrary code as System in another virtual machine (VM) on the shared Hyper-V host. An attacker would not be able to execute code on the Hyper-V host, only on guest VMs on the same host. The vulnerability could also allow denial of service in Hyper-V on the same platforms, allowing an attacker to cause the Hyper-V host to stop responding or restart.

We’ve only had a handful of security fixes for Hyper-V since it was released on Windows Server 2008.  This looks like the most important one of the lot.

Please test/deploy as quickly as you can.

No Comment.

Add Your Comment

Get Adobe Flash player