Skip to main content
Patch Management

Microsoft fixes Hyper-V bug in Windows

By November 18, 2015June 22nd, 2022No Comments

While it’s not critical, this Hyper-V bug can cause denial-of-service issues in guest VMs

Microsoft fixed an issue in its Hyper-V hypervisor that, if exploited, could have resulted in a denial-of-service condition.

The issue exists on the hardware level in certain chip sets, but users who run Hyper-V on Windows Server 2008, Windows Server 2008 R2, Professional and Enterprise versions of Windows 8 and Windows 8.1, Windows Server 2012, Windows Server 2012 R2, and all x64-based versions of Windows 10 except Home edition were at risk, Microsoft said in its advisory (3108638). Customers running Windows Server Technical Preview 3 are also affected. Microsoft rated the two vulnerabilities (CVE-2015-5307 and CVE-2015-8104) as Important and released the patch addressing them alongside the regular update cycle this week.

“The update circumvents the CPU weakness by preventing a guest operating system from triggering the unresponsive state in the host system’s CPU,” Microsoft said.

[vc_single_image image=”7291″ img_size=”full” alignment=”center”]

Guests on a Hyper-V system could trigger the flaw in the CPU chip set to issue instructions that could place the host system into a nonresponsive state, resulting in a denial-of-service condition for guest operating systems. The attacker would have to first secure kernel-mode code execution privileges on the guest operating system in order to trigger this denial-of-service condition. No known attacks are exploiting the issue in the wild.

The Common Vulnerability Scoring System (CVSS) score for this vulnerability is only 2.1 (out of 10); although the potential impact caused by this vulnerability is high, the likelihood of this being used in your environment is reasonably low, said Robert Brown, director of services for Verismic.

[vc_single_image image=”7519″ img_size=”full” alignment=”center”]

Microsoft did not specify in the advisory which chip sets had the weakness. Unlike Xen and VMware, Hyper-V functions only on systems with hardware support for virtualization, such as servers with Intel VT-x and AMD-V hardware virtualization extensions. As a result, Hyper-V is typically not at risk for escape attacks, where the attackers target the guest system in order to compromise the host.

“The vulnerability can impact the Hyper-V system in a way which causes the system to become unresponsive and can lead to a denial of attack on any guest operating systems — you can see why Microsoft have stepped in,” Brown said.

Customers should apply the update for the appropriate operating system to protect against the denial-of-service condition.

Read the full article at