|T O P I C R E V I E W
||Posted - 06/14/2012 : 11:16:36 PM
|6 L A T E S T R E P L I E S (Newest First)
||Posted - 06/17/2012 : 2:13:16 PM
> but if Windows can be hacked isn't Hyper-V still vunerable from the sense you could shut down the Hyper-V hosts and all their VM's completely by shutting down Windows?
Absolutely. I think the point is that you cannot do so from a VM. It's always the case that if you own the host, then you own the VM's. Attacking one VM from another is a different story, and one that would fly if you could go from Ring 3 to Ring -1.
||Posted - 06/17/2012 : 09:34:51 AM
The KB said "This vulnerability only affects Intel x64-based versions of Windows 7 and Windows Server 2008 R2."
So while Hyper-V may not be affected because of what ring it lives in, partioning, and all that fun stuff... what I want to know is can or does Hyper-V run or exist without the Windows kernel? Granted its accessing the hardware directly for resources etc so we can blur the lines of what a Type-1 hypervisor is, but if Windows can be hacked isn't Hyper-V still vunerable from the sense you could shut down the Hyper-V hosts and all their VM's completely by shutting down Windows?
I know this isn't the most critical vunerability ever since the kb said "the attacker must have valid logon credentials and be able to logon locally" but that being said it brings up an interesting discussion.
||Posted - 06/17/2012 : 01:59:01 AM
Yes I was curious about that, as Ring -1 was promoted as the safe place.
But what is the interaction between say Hyper-V manager on a host or SCVMM and the hypervisor. I know hyper-v does not have shared folders like VMware, again that was toted as a security measure.
||Posted - 06/16/2012 : 2:05:25 PM
Hyper-V is not affected. Believe me, it would not be just an "important" patch if it were affected :-)_
Reading the original post I see that the escalation is from Ring 3 (user mode) to Ring 0 (kernel). The Hyper-V hypervisor lives at Ring -1.
||Posted - 06/16/2012 : 10:46:24 AM
Good thing I have an AMD CPU
||Posted - 06/15/2012 : 6:36:49 PM
Aidan posted on this as well
I'd like to ask one question.
There is a hotfix mentioned in the first post, but you say Hyper-V isn't effected in the second post.
So does this mean that Server 2008 and Server 2008R2 Hyper-V is vulnerable, but the Windows 8 Beta and Server 2012 RC are not vulnerable?