Cybersecurity researchers at Guardicore Labs have released details of a critical vulnerability in Hyper-V hypervisor that Microsoft patched in May 2021.

The vulnerability (CVE-2021-28476) rated with a CVSS score of 9.9, impacts the Hyper-V driver (vmswitch.sys). The issue could be exploited to achieve remote code execution or cause a denial of service condition.

The vulnerability affects Windows 7, 8.1, and 10, as well as Windows Server 2008, 2012, 2016 and 2019. An attacker with an Azure virtual machine could exploit the vulnerability by sending a crafted packet to the Hyper-V host.

“Triggering denial of service from an Azure VM would crash major parts of Azure’s infrastructure and take down all virtual machines that share the same host,” the experts explained.

An attacker capable of exploiting the RCE vulnerability could take control over the host and the VMs running on it, thus having access to sensitive information and being able to run malicious payloads.

Source: securitylab.ru