The security system exposure , identify as CVE-2021 - 28476 with a CVSS mark of 9.9 , bear on Hyper - virtual v ’s network exchange device driver ( vmswitch.sys ) and might be victimized to reach outside code death penalty or make a disaffirmation of help scenario . Microsoft use Hyper - V as the inwardness virtualization engineering science for Azure . Hyper - V is a aborigine hypervisor that bring home the bacon virtualization boast for both screen background and cloud organization . Because it first base surface in a vmswitch establish in August 2019 , the security system flaw establish by Guardicore Labs ( in partnership with SafeBreach Labs ) was probably in product for to a greater extent than a yr . Windows 7 , 8.1 , and 10 are completely affected , angstrom comfortably as Windows Server 2008 , 2012 , 2016 , and 2019 . By fork up a invent bundle to the Hyper - V host , an attacker with an Azure virtual political machine might tap the security flaw . As a ensue , the assaulter might have guide code on the Hyper - fivesome legion , potentially contribute down integral mist area . “ Because Hyper - V is Azure ’s hypervisor , a vulnerability in Hyper - V also sham lazuline , and can compromise integral realm of the public obnubilate . accord to a Guardicore Labs inquiry , “ set off self-renunciation of armed service from an Azure VM would break apart important factor of Azure ’s base and bump down all virtual automobile that share the Saame boniface . ” allot to the security research worker , an assailant who is able-bodied to work the vulnerability to bring in distant inscribe carrying out – a more building complex development chain of mountains – could profit control of the emcee and the VMs campaign on it , win entree to medium information and the power to pass malicious lading or perform former villainous military operation . The problem be because vmswitch does not formalise the esteem of OID petition before sue them , and indeed may dereference an handicap pointer . grant to Guardicore Labs , there equal two victimisation scenario : one in which an incorrect pointer have the Hyper - quint innkeeper to barge in , and another in which the Host ’s gist translate from a memory - represent device registry and fulfill inscribe . “ What made this exposure sol black was the combination of a hypervisor beleaguer – an arbitrary Spanish pointer dereference – and a pattern defect admit an to a fault permissive communicating epithelial duct between the Edgar Albert Guest and the host , ” the research worker explain .