Two weeks ago, I describe a true circumstance where a Hyper-V server was hacked (both a child VM and the parent system), and I was pulled in afterward to fix the resulting issues. The manner of the attack gave the appearance of a potential escape attack but without evidence this had occurred -- a mystery indeed.
Some folks at Microsoft read the article and offered to lend a hand in tracking down the cause of the hack. The investigation revealed several breaches of etiquette with regard to server security, especially in relation to Hyper-V. For starters, the parent system had additional software installed, including remote sharing application software called TeamViewer. Apparently the username and password for the administrator's account had been given out to others. Thus, the hack apparently was the result of a direct attack, not of the theoretical escape attack.
[ Don't look now, but your antivirus may be killing your virtualization infrastructure. InfoWorld's Matt Prigge shows you how to detect the warning signs. | Stay atop key Microsoft technologies in our Technology: Microsoft newsletter. ]
In addition, it appears that form of attack would not be possible with Hyper-V. Hyper-V is not susceptible to the guest-to-host escape vulnerability (aka a VM escape) that InfoWorld has described. The guest-to-host escape vulnerability applies only to virtualization frameworks (such as in Xen and EMC VMware) with operation modes that do not use hardware virtualization extensions but instead operate through techniques such as ring deprivileging to perform machine virtualization.