SYSRET 64-bit OS privilege vulnerability on Intel, DOES NOT AFFECT HYPER-V
Last week US-CERT warned of a guest-to-host VM escape vulnerability, and it was reported that an issue on Intel-based servers could lead to a “break out” from a VM to the host in certain virtualisation products, including Microsoft: “A ring3 attacker may be able to specifically craft a stack frame to be executed by ring0 (kernel) after a general protection exception (#GP). The fault will be handled before the stack switch, which means the exception handler will be run at ring0 with an attacker’s chosen RSP causing a privilege escalation”: http://www.kb.cert.org/vuls/id/649219
Affected vendors include Intel Corp., FreeBSD, Microsoft, NetBSD, Oracle, RedHat, SUSE Linux and Xen.
But Hyper-V is NOT affected by the VU#649219 VM “break out”.
I’ve asked the Microsoft Hyper-V product team in Redmond if Hyper-V was actually affected, and as per their answer:
• The problem does affect 64-bit OSes on Intel hardware, but Hyper-V is not affected.
• This problem will not lead to break outs from Hyper-V VMs.
• Windows 8 is not affected.
• Windows Server 2012 is not affected.
This was also covered by Aidan Finn: http://www.aidanfinn.com/?p=12838