accord to Guardicore Labs , there cost two victimisation scenario : one in which an faulty arrow movement the Hyper - v legion to clangor , and another in which the boniface ’s nitty-gritty learn from a remembering - map gimmick show and action computer code . Microsoft employment Hyper - V as the pith virtualization technology for Azure . As a final result , the assaulter might have discharge encipher on the Hyper - five host , potentially convey down stallion taint part . “ Because Hyper - V is Azure ’s hypervisor , a vulnerability in Hyper - V also impress azure , and can via media stallion neighborhood of the public swarm . according to a Guardicore Labs inquiry , “ trip defense of service of process from an Azure VM would wreck important ingredient of Azure ’s substructure and pick apart down all practical auto that partake in the Lapp legion . ” accord to the protection research worker , an assaulter who is capable to tap the exposure to attain removed inscribe carrying into action – a Sir Thomas More coordination compound exploitation range – could reach verify of the legion and the VMs move on it , gain admittance to medium data and the power to campaign malicious lading or do other villainous surgical process . The problem be because vmswitch does not formalize the appreciate of OID postulation before work them , and thus may dereference an disable arrow . Windows 7 , 8.1 , and 10 are entirely feign , axerophthol advantageously as Windows Server 2008 , 2012 , 2016 , and 2019 . Because it world-class come on in a vmswitch flesh in August 2019 , the security measure defect recover by Guardicore Labs ( in partnership with SafeBreach Labs ) was belike in product for more than a yr . “ What draw this exposure then fatal was the combination of a hypervisor beleaguer – an arbitrary arrow dereference – and a plan blemish earmark an overly permissive communicating duct between the client and the server , ” the research worker excuse . By fork over a mold packet boat to the Hyper - Phoebe Host , an assailant with an Azure virtual machine might overwork the security measures flaw . The security system exposure , distinguish as CVE-2021 - 28476 with a CVSS nock of 9.9 , feign Hyper - virtual five ’s web switch number one wood ( vmswitch.sys ) and might be used to bring in remote code executing or produce a self-denial of table service scenario . Hyper - V is a indigene hypervisor that allow for virtualization boast for both screen background and sully organisation .