Microsoft Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

An elevation of privilege vulnerability has been identified in the Windows Hyper-V NT Kernel Integration Virtual Service Provider (VSP). This vulnerability allows an attacker to escalate privileges, potentially gaining SYSTEM rights on the Hyper-V host. The issue arises in container-type virtual machines, such as those used by Windows Sandbox and Microsoft Defender Application Guard, where the Hyper-V NT Kernel Integration VSP driver facilitates communication between the host operating system and the virtual machines. Exploitation of this vulnerability could lead to unauthorized access to sensitive data and a complete takeover of the Hyper-V host.

Impact

Successful exploitation of this vulnerability allows an attacker to gain SYSTEM privileges on the affected host.

Remediation

To address this vulnerability, Microsoft recommends updating to the latest version of Windows. For users who need to disable Hyper-V temporarily, a PowerShell script is available that uses the `Disable-WindowsOptionalFeature` command to turn off the Hyper-V feature. After running the script, a system restart is required for the changes to take effect.