Microsoft fixed an issue in its Hyper-V hypervisor that, if exploited, could have resulted in a denial-of-service condition.
The issue exists on the hardware level in certain chip sets, but users who run Hyper-V on Windows Server 2008, Windows Server 2008 R2, Professional and Enterprise versions of Windows 8 and Windows 8.1, Windows Server 2012, Windows Server 2012 R2, and all x64-based versions of Windows 10 except Home edition were at risk, Microsoft said in its advisory (3108638). Customers running Windows Server Technical Preview 3 are also affected. Microsoft rated the two vulnerabilities (CVE-2015-5307 and CVE-2015-8104) as Important and released the patch addressing them alongside the regular update cycle this week.
"The update circumvents the CPU weakness by preventing a guest operating system from triggering the unresponsive state in the host system's CPU," Microsoft said.
A guest on a Hyper-V system could trigger the flaw in the CPU chip set by issuing instructions that could place the host system into a nonresponsive state, resulting in a denial-of-service condition for guest operating systems. The attacker would first have to secure kernel-mode code execution privileges on the guest operating system in order to trigger this denial-of-service condition. No known attacks are exploiting the issue in the wild.
The Common Vulnerability Scoring System (CVSS) score for this vulnerability is only 2.1 (out of 10); although the potential impact caused by this vulnerability is high, the likelihood of this being used in your environment is reasonably low, said Robert Brown, director of services for Verismic.
Microsoft did not specify in the advisory which chip sets had the weakness. Unlike Xen and VMware, Hyper-V functions only on systems with hardware support for virtualization, such as servers with Intel VT-x and AMD-V hardware virtualization extensions. As a result, Hyper-V is typically not at risk for escape attacks, where the attackers target the guest system in order to compromise the host.
"The vulnerability can impact the Hyper-V system in a way which causes the system to become unresponsive and can lead to a denial of attack on any guest operating systems -- you can see why Microsoft have stepped in," Brown said.
Customers should apply the update for the appropriate operating system to protect against the denial-of-service condition.
Hyper-V uses dynamic memory to intelligently add memory to and remove memory from VMs based on memory usage by processes, so it's not susceptible to memory duplication attacks, either. However, Hyper-V could still have issues. Back in September, Microsoft addressed a vulnerability that could allow a security feature bypass if an attacker ran a specially crafted application that caused Hyper-V to incorrectly apply access control list configuration settings. That vulnerability affected Windows 8.1 for x64-based systems, Windows Server 2012 R2, and Windows.