KB2345316: Prevent a DDOS Attack From A Hyper-V VM

Microsoft has released the second-ever security fix for Hyper-V (the second since the release of Windows Server 2008!).

“This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to send specially crafted content from a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.”

In other words, you have to be logged into a VM running on the host (be a legit internal user) and have sufficient rights in the VM’s operating system to craft this packet.

The issue affects Windows Server 2008 and Windows Server 2008 R2.
