| Author |
 Topic  |
|
|
Scott.Calvet
Welcome Newcomer
USA
18 Posts
Status: offline |
|
|
wobble_wobble
Honorable But Hopeless Addict
Ireland
4516 Posts
Status: offline |
 Posted - 06/15/2012 : 6:36:49 PM
|
Aidan posted on this as well
http://www.aidanfinn.com/?p=12837
http://www.aidanfinn.com/?p=12838
I'd like to ask one question.
There is a hotfix mentioned in the first post, but you say Hyper-V isn't effected in the second post.
So does this mean that Server 2008 and Server 2008R2 Hyper-V is vulnerable, but the Windows 8 Beta and Server 2012 RC are not vulnerable?
|
Joe
After everything that has happened during the month of Jan 07, I do believe that pigs fly backwards!
http://whatismyv6.com/ |
 |
|
|
NMDANGE
Honorable But Hopeless Addict
USA
2054 Posts
Status: offline |
Posted - 06/16/2012 : 10:46:24 AM
|
Good thing I have an AMD CPU  |
Michael D'Angelo
(former)MVP-MIIS, Pace University Senior Systems Administrator (Windows)
(MS)NMDANGE
PhoeniX WorX Systems Administrator. If you play Total Annihilation, please join us. http://www.phoenixworx.org |
|
|
|
wkasdo
Administrator
Netherlands
7403 Posts
Status: offline |
Posted - 06/16/2012 : 2:05:25 PM
|
Hyper-V is not affected. Believe me, it would not be just an "important" patch if it were affected :-)_
Reading the original post I see that the escalation is from Ring 3 (user mode) to Ring 0 (kernel). The Hyper-V hypervisor lives at Ring -1. |
Make it as simple as you can, but not simpler -- Albert Einstein |
|
|
|
wobble_wobble
Honorable But Hopeless Addict
Ireland
4516 Posts
Status: offline |
Posted - 06/17/2012 : 01:59:01 AM
|
Willem,
Yes I was curious about that, as Ring -1 was promoted as the safe place.
But what is the interaction between say Hyper-V manager on a host or SCVMM and the hypervisor. I know hyper-v does not have shared folders like VMware, again that was toted as a security measure.
|
Joe
After everything that has happened during the month of Jan 07, I do believe that pigs fly backwards!
http://whatismyv6.com/ |
Edited by - wobble_wobble on 06/17/2012 02:00:54 AM |
|
|
|
Scott.Calvet
Welcome Newcomer
USA
18 Posts
Status: offline |
Posted - 06/17/2012 : 09:34:51 AM
|
The KB said "This vulnerability only affects Intel x64-based versions of Windows 7 and Windows Server 2008 R2."
So while Hyper-V may not be affected because of what ring it lives in, partioning, and all that fun stuff... what I want to know is can or does Hyper-V run or exist without the Windows kernel? Granted its accessing the hardware directly for resources etc so we can blur the lines of what a Type-1 hypervisor is, but if Windows can be hacked isn't Hyper-V still vunerable from the sense you could shut down the Hyper-V hosts and all their VM's completely by shutting down Windows?
I know this isn't the most critical vunerability ever since the kb said "the attacker must have valid logon credentials and be able to logon locally" but that being said it brings up an interesting discussion. |
However beautiful the strategy, you should occasionally look at the results. --Sir Winston Churchill
Blog: http://www.greatvirtualscott.com
Twitter: http://twitter.com/gr8virtualscott |
|
|
|
wkasdo
Administrator
Netherlands
7403 Posts
Status: offline |
Posted - 06/17/2012 : 2:13:16 PM
|
> but if Windows can be hacked isn't Hyper-V still vunerable from the sense you could shut down the Hyper-V hosts and all their VM's completely by shutting down Windows?
Absolutely. I think the point is that you cannot do so from a VM. It's always the case that if you own the host, then you own the VM's. Attacking one VM from another is a different story, and one that would fly if you could go from Ring 3 to Ring -1. |
Make it as simple as you can, but not simpler -- Albert Einstein |
|
|
| |
Topic |
|
Interesting Vunerability
