By sending a crafted packet to the Hyper-V host, an attacker with an Azure virtual machine might exploit the security flaw. Microsoft uses Hyper-V as the core virtualization technology for Azure. Windows 7, 8.1, and 10 are all affected, as well as Windows Server 2008, 2012, 2016, and 2019.

According to Guardicore Labs research, “triggering denial of service from an Azure VM would crash significant parts of Azure’s infrastructure and take down all virtual machines that share the same host.” According to the security researchers, an attacker who is able to exploit the vulnerability to achieve remote code execution – a more complex exploitation chain – could gain control of the host and the VMs running on it, gaining access to sensitive information and the ability to run malicious payloads or perform other nefarious operations.

The security vulnerability, tracked as CVE-2021-28476 with a CVSS score of 9.9, affects Hyper-V’s network switch driver (vmswitch.sys) and might be used to achieve remote code execution or create a denial of service condition. Because it first appeared in a vmswitch build in August 2019, the security flaw found by Guardicore Labs (in partnership with SafeBreach Labs) was in all probability in production for more than a year.

Hyper-V is a native hypervisor that provides virtualization capabilities for both desktop and cloud systems. “Because Hyper-V is Azure’s hypervisor, a vulnerability in Hyper-V also affects Azure, and can compromise entire regions of the public cloud.” As a result, the attacker might have run code on the Hyper-V server, potentially taking down entire cloud regions.

According to Guardicore Labs, there are two exploitation scenarios: one in which an invalid pointer causes the Hyper-V host to crash, and another in which the host’s kernel reads from a memory-mapped device register and runs code. “What made this vulnerability so lethal was the combination of a hypervisor bug – an arbitrary pointer dereference – and a design flaw allowing an overly permissive communication channel between the guest and the host,” the researchers explain. The problem exists because vmswitch does not validate the value of OID requests before processing them, and hence may dereference an invalid pointer.
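
The two conditions the researchers name, a guest-to-host channel that accepts too much and a request value used before it is validated, map onto two checks in a host-side handler. The C code below is an added example, not Microsoft's or Guardicore's code: the request layout, OID names, return codes and port table are all hypothetical, chosen only to show a handler that allow-lists what a guest may send and resolves guest references through a bounds-checked index instead of a pointer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical toy model of a host-side request handler; not vmswitch code. */
enum { OID_GET_STATS = 1, OID_SET_FILTER = 2, OID_HOST_ONLY_CFG = 3 };
enum { REQ_OK = 0, REQ_BAD_LEN = -1, REQ_OID_DENIED = -2, REQ_BAD_REF = -3 };

#define NUM_PORTS 4
static uint32_t port_filter_table[NUM_PORTS];

/* Constructed request layout: every field is controlled by the guest. */
struct oid_request {
    uint32_t oid;
    uint32_t port_index;  /* reference to a host object, as an index */
    uint32_t value;
};

/* Channel restriction: only OIDs a guest legitimately needs are accepted. */
static int oid_allowed_from_guest(uint32_t oid) {
    return oid == OID_GET_STATS || oid == OID_SET_FILTER;
}

/* Validate length, OID and object reference before touching host state. */
int handle_guest_request(const uint8_t *buf, size_t len) {
    struct oid_request req;
    if (buf == NULL || len != sizeof req)
        return REQ_BAD_LEN;
    memcpy(&req, buf, sizeof req);      /* work on a private copy */
    if (!oid_allowed_from_guest(req.oid))
        return REQ_OID_DENIED;
    if (req.port_index >= NUM_PORTS)    /* never dereference a guest value */
        return REQ_BAD_REF;
    if (req.oid == OID_SET_FILTER)
        port_filter_table[req.port_index] = req.value;
    return REQ_OK;
}

/* Helper for the example: build a request and pass it to the handler. */
int send_req(uint32_t oid, uint32_t idx, uint32_t value) {
    struct oid_request r = { oid, idx, value };
    return handle_guest_request((const uint8_t *)&r, sizeof r);
}

uint32_t port_filter(uint32_t i) { return i < NUM_PORTS ? port_filter_table[i] : 0; }
```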