Many organizations likely haven't patched against this critical Hyper-V issue

Microsoft Azure Hero
Microsoft Azure Hero (Image credit: Microsoft)

What you need to know

  • Security experts found a critical vulnerability in Hyper-V's virtual network switch driver.
  • Microsoft gave the vulnerability a 9.9/10 critical severity score.
  • A patch was released for the vulnerability back in May, but many organizations likely have not installed it yet.

A critical vulnerability in Hyper-V's virtual network was discovered by Guardicore Labs and SafeBreach Labs. If exploited, an attacker can "take down whole regions of the cloud," according to Guardicore.

The vulnerability affects Windows 10 as well as Windows Server 2021 through 2019. SafeBreach's Peleg Hadar and Gardicore's Opher Harpaz discovered the fault and will discuss it at the Black Hat security conference in August 2021. The researchers have already privately disclosed the vulnerability to Microsoft.

As explained by BleepingComputer, the vulnerability can be used to terminate all virtual machines running on a Hyper-V host. An attacker could also gain control of a host and all virtual machines attached to it. To exploit the vulnerability, an attacker needs to have access to a guest virtual machine.

Latest Videos From

First appearing in August 2019, the vulnerability was given a 9.9/10 critical severity score by Microsoft. The vulnerability was labeled CVE-2021-28476 by Microsoft.

The issue is quite technical, but Harpaz and Hadar explain its risks in layman's terms:

What made this vulnerability so lethal is the combination of a hypervisor bug – an arbitrary pointer dereference – with a design flaw allowing a too-permissive communication channel between the guest and the host.Vulnerabilities like CVE-2021-28476 demonstrate the risks that a shared resource model (e.g. a public cloud) brings. Indeed, in cases of shared infrastructures, even simple bugs can lead to devastating results like denial of service and remote code execution.

Microsoft released a patch for this vulnerability in May 2021, but Harpaz told BleepingComputer that some vulnerabilities remain unpatched for years.

"There are so many Windows Servers today that are vulnerable to well-known bugs, I won't be surprised if this bug stays unpatched for a very long time in organizations," said Harpaz.

Sean Endicott
News Writer

Sean Endicott is a News Writer at Windows Central, where he covers Windows 11, Surface hardware, Microsoft 365, AI, apps, and the broader PC ecosystem. Since joining the site in 2017, he has written well over a thousand articles across the Microsoft landscape, covering breaking news, analysis, and feature reporting.

He writes Windows Wrap, a weekly column covering the biggest stories in Windows and the PC industry, and what they mean for the platform going forward.

Before joining Windows Central full-time, Sean worked in journalism and media production after earning a First Class degree in Broadcast Journalism from Nottingham Trent University. Outside of tech, he is an award-winning American football coach based in Nottingham, England, and was named BAFCA Youth Coach of the Year in 2024.