When you manage a Microsoft Windows server farm, you are always on standby and red alert every second Tuesday of the month for the event that has become known as Patch Tuesday. On this day, Windows administrators are ready to hear the latest news coming out of Redmond about any new security announcements that may be affecting their infrastructure.
In an interesting twist, the latest Patch Tuesday event for February brought with it something new to the table: the first Microsoft-released patch for a new vulnerability (977894) discovered in Microsoft Hyper-V, Microsoft's virtualization hypervisor platform. The vulnerability was found to affect all x64-based editions of Windows Server 2008, Windows Server 2008 R2, Hyper-V Server 2008, and Hyper-V Server 2008 R2.
[ Doing server virtualization right is not so simple. InfoWorld's expert contributors show you how to get it right in this 24-page "Server Virtualization Deep Dive" PDF guide. ]
It is reported that a DoS attack could be executed if a malformed sequence of machine instructions is run by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. Doing so could cause the affected Hyper-V server to stop responding and require it to be restarted, and of course if this happened, it could also cause any and all virtual machines on that host to also become non-responsive and problematic.
The problem here that would have kept me up at night is the fact that this flaw would allow a guest machine to affect the health of the parent or host server and ultimately other guest machines on that same server. Luckily, this particular vulnerability isn't remotely exploitable, and an attacker would have to have valid log-on credentials and be able to log on locally into a guest virtual machine in order to wreak havoc.
This patch is only meant to be installed on the host server and not within the guest virtual machine. Environments that are configured with Automatic Updates enabled won't need to be patched manually, as this patch will be rolled out and applied automatically when that's the case.
The patch does, however, require a reboot, which means the host server and any guest virtual machines on that server will need to be powered down -- that is, unless you are running R2 in your environment and using Live Migration to move workloads around without downtime.
As your x86 environment becomes more and more virtualized, it will prove even more important to keep an eye out on each Patch Tuesday for any virtualization host server-related vulnerabilities like this one.
Additional information about this Hyper-V security patch can be found on Microsoft's Website.