Cybersecurity researchers at Guardicore Labs have released details of a critical vulnerability in the Hyper-V hypervisor that Microsoft patched in May 2021.
The vulnerability (CVE-2021-28476) scored 9.9 on the CVSS scale and affects the Hyper-V virtual network switch driver (vmswitch.sys). The problem can be exploited to remotely execute code or trigger a denial of service condition.
The vulnerability affects Windows 7, 8.1, and 10, as well as Windows Server 2008, 2012, 2016 and 2019. An attacker running an Azure VM could exploit the vulnerability by sending a specially crafted packet to a Hyper-V host.
“Catching a denial-of-service state to a Microsoft Azure VM will cause major parts of the Azure infrastructure to fail and shut down all VMs that use the same computer system,” the experts explained.
An attacker who can exploit the RCE vulnerability can take control of the system and the virtual machines running on it, thus gaining access to confidential information and the ability to launch malicious payloads.
The root cause is that, when processing OID requests, vmswitch does not check the value of the request and may therefore dereference an invalid pointer.
According to the researchers, there are two attack scenarios: when an invalid pointer causes the Hyper-V host to crash, or when the host’s kernel reads from a memory-mapped device register, leading to remote code execution.