KB2893986 – Vulnerability in WS2012 & Windows 8 Hyper-V Could Allow Elevation of Privilege

In November, Microsoft released the MS13-092 (aka CVE-2013-3898) security fix for Windows Server 2012 Hyper-V and Windows 8 Client Hyper-V. 

An attacker who successfully exploited this vulnerability could execute arbitrary code as System in another virtual machine (VM) on the shared Hyper-V host. An attacker would not be able to execute code on the Hyper-V host, only on guest VMs on the same host. The vulnerability could also allow denial of service in Hyper-V on the same platforms, allowing an attacker to cause the Hyper-V host to stop responding or restart.

We’ve only had a handful of security fixes for Hyper-V since it was released on Windows Server 2008. This looks like the most important one of the lot.

Please test/deploy as quickly as you can.
