Microsoft Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

An elevation of privilege vulnerability has been identified in the Windows Hyper-V NT Kernel Integration Virtual Service Provider (VSP). This vulnerability allows an attacker to gain SYSTEM privileges. It exists in various versions of Windows 10, Windows 11, Windows Server 2022, and Windows Server 2025. The issue arises within the Hyper-V NT Kernel Integration VSP, which facilitates communication between the host operating system and container-type virtual machines, such as Windows Sandbox and Microsoft Defender Application Guard. Unlike traditional Hyper-V VMs, which maintain a strong isolation boundary, container-type VMs simulate running on the host, creating a potential vulnerability.

Impact

Exploitation of this vulnerability leads to unauthorized elevation of privileges, allowing an attacker to gain SYSTEM rights.

Remediation

Users are advised to update to the latest version of Windows. Security updates addressing this vulnerability can be downloaded via the Microsoft Update Catalog. Specific update details can be found in the Microsoft Knowledge Base articles KB5050009, KB5049981, KB5050021, and KB5049984.