Cyber Security News

Critical Bug in Azure Hyper-V Let Hackers Perform RCE & DOS Attacks

When it comes to security, 2021 has so far not been a good year for Microsoft.

Microsoft is currently facing back-to-back security flaws, some severe and some moderate. This time, security researchers Ophir Harpaz of Guardicore and Peleg Hadar of SafeBreach have discovered a critical vulnerability in Azure Hyper-V.

This new security flaw allows a threat actor to lock up vulnerable machines or take them over by performing RCE (Remote Code Execution) and DoS (Denial of Service) attacks against them.

Guardicore Labs’ Ophir Harpaz and SafeBreach Labs’ Peleg Hadar tracked the flaw under the following identifier and assessed its CVSS score:

  • CVE ID: CVE-2021-28476
  • CVSS Score: 9.9 out of 10
  • Severity: High

The two researchers made the following statement about the flaw in Azure Hyper-V:

“Hyper-V is Azure’s hypervisor; for this reason, a vulnerability in Hyper-V entails a vulnerability in Azure, and can affect whole regions of the public cloud. Triggering denial of service from an Azure VM would crash major parts of Azure’s infrastructure and take down all virtual machines (VM) that share the same host.”

Eliminate the VMs or take complete command

The critical vulnerability was found in Hyper-V’s network switch driver (vmswitch.sys) and affects the following versions of Windows:

  • Windows 10
  • Windows Server 2012 through 2019

During their investigation, the researchers found the bug using an in-house developed fuzzer dubbed hAFL1.

This hypervisor is also what platforms such as Docker, and OS features such as the Windows Subsystem for Linux (WSL), rely on to function.

Ophir Harpaz and Peleg Hadar discovered the vulnerability together and reported it to Microsoft privately.

The vulnerability stems from the Hyper-V virtual switch failing to validate the OID (object identifier) it receives. In short, an attacker with access to a VM created on a Windows 10 or Windows Server host could send a packet to this driver and communicate directly with the host system.
</gra_replace>
<gr_replace lines="36" cat="clarify" orig="As a result">
As a result, the attacker could take down the entire server or gain full control over it and every other virtual machine (VM) it hosts.

As a result, they manage to block the entire server or gain full control over it and all other virtual machines (VMs).

Business organizations are slow to patch

The Azure service itself is safe from this flaw, since Microsoft has already patched it, but some on-premises Hyper-V deployments remain vulnerable.

This is because users and business organizations move slowly: in this case, many admins do not update their Windows machines promptly when patches are released.
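One way for an administrator to find hosts that missed the update is to compare the installed vmswitch.sys against the fixed build. The script below is an added example, not code from the article or the researchers; it assumes the Hyper-V role can be detected through the vmms (Virtual Machine Management) service, and the minimum fixed version is a placeholder that must be taken from Microsoft’s advisory for each Windows build.

```powershell
# Added example (not from the article): report on-premises Hyper-V hosts whose
# vmswitch.sys driver is older than the build that fixes CVE-2021-28476.
function Get-VmSwitchPatchStatus {
    param(
        # PLACEHOLDER: replace with the fixed vmswitch.sys version for your
        # Windows build, taken from Microsoft's advisory for CVE-2021-28476.
        [version]$MinimumVersion = '10.0.0.0'
    )

    $driverPath = Join-Path $env:SystemRoot 'System32\drivers\vmswitch.sys'

    # vmms is the Hyper-V Virtual Machine Management service; it exists only
    # when the Hyper-V role is installed (assumption used for role detection).
    $hyperVRole = Get-Service -Name vmms -ErrorAction SilentlyContinue

    $driverVersion = $null
    if (Test-Path $driverPath) {
        $info = (Get-Item $driverPath).VersionInfo
        # FileVersion is a free-form string on Windows system files, so build a
        # comparable [version] from the numeric parts instead of parsing it.
        $driverVersion = [version]::new($info.FileMajorPart, $info.FileMinorPart,
                                        $info.FileBuildPart, $info.FilePrivatePart)
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        HyperVRole        = [bool]$hyperVRole
        DriverVersion     = $driverVersion
        # True only when the role is present and the driver predates the fix.
        BelowFixedVersion = ([bool]$hyperVRole) -and ($null -ne $driverVersion) -and ($driverVersion -lt $MinimumVersion)
    }
}

# Run locally, or fan out to a list of Hyper-V hosts over WinRM:
Get-VmSwitchPatchStatus
# Invoke-Command -ComputerName (Get-Content .\hyperv-hosts.txt) -ScriptBlock ${function:Get-VmSwitchPatchStatus}
```

Hosts reported with BelowFixedVersion set to True still need the Hyper-V update, whichever way the role is installed.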

The researchers also explained that CVE-2021-28476 is the kind of critical bug that plainly illustrates the risks that shared-resource models can bring.

It shows that a single bug can lead to disastrous results such as RCE (Remote Code Execution) and DoS (Denial of Service) attacks.

That is why security analysts strongly recommend that users and organizations follow proper security hygiene, security practices, and segmentation to prevent such attacks and avoid being exploited.



Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.
