The security exposure , key out as CVE-2021 - 28476 with a CVSS hit of 9.9 , pretend Hyper - practical v ’s network interchange device driver ( vmswitch.sys ) and might be exploited to realize remote cipher performance or make a self-renunciation of servicing scenario . Microsoft apply Hyper - V as the pith virtualization applied science for Azure . Hyper - V is a indigen hypervisor that ply virtualization characteristic for both desktop and overcast organisation . Because it firstly show up in a vmswitch chassis in August 2019 , the security measure blemish constitute by Guardicore Labs ( in partnership with SafeBreach Labs ) was in all probability in output for more than a year . Windows 7 , 8.1 , and 10 are whole strike , type A substantially as Windows Server 2008 , 2012 , 2016 , and 2019 . By pitch a bad packet boat to the Hyper - volt master of ceremonies , an assaulter with an Azure virtual automobile might effort the security measures fault . As a ensue , the assaulter might have range cipher on the Hyper - volt emcee , potentially play down full corrupt neighborhood . “ Because Hyper - V is Azure ’s hypervisor , a exposure in Hyper - V as well strike sapphire , and can via media stallion region of the world fog . concord to a Guardicore Labs research , “ trigger off self-denial of avail from an Azure VM would go down meaning chemical element of Azure ’s infrastructure and pink down all practical automobile that share the like host . ” according to the security measure investigator , an assailant who is able-bodied to overwork the vulnerability to make headway outback encrypt executing – a to a greater extent coordination compound development string – could win master of the Host and the VMs head for the hills on it , derive entree to tender info and the power to hunt malicious shipment or do other villainous surgical operation . The job be because vmswitch does not corroborate the value of OID call for before sue them , and thus may dereference an invalid pointer . fit in to Guardicore Labs , there exist two using scenario : one in which an incorrect Spanish pointer get the Hyper - fivesome innkeeper to gate-crash , and another in which the horde ’s inwardness understand from a store - map out gimmick show and run computer code . “ What constitute this vulnerability and so fateful was the combination of a hypervisor germ – an arbitrary arrow dereference – and a excogitation mar provide an excessively permissive communicating distribution channel between the Guest and the innkeeper , ” the research worker explain .