Exploiting the Hyper-V IDE Emulator to Escape the Virtual Machine

Cloud proliferation continues to increase the world's dependency on the security of virtualization stacks. But like all software stacks, virtualization stacks have vulnerabilities.

In this talk, I'll examine a powerful vulnerability in Hyper-V's emulated storage component that was reported through the Hyper-V bug bounty. Then, I'll demonstrate how I exploited this vulnerability on Windows Server 2012R2.

Next, I'll discuss how Windows has evolved between Windows 2012R2 and Redstone 3. I'll show you how I tried, failed, and then ultimately succeeded in exploiting the same vulnerability on Windows Redstone 3 with numerous hardening measures in place. This will provide empirical evidence for the impact that several years of platform hardening can have on exploitation.

I'll wrap up the talk by discussing the takeaways Microsoft had from this exercise and how we're approaching hardening the Hyper-V stack (and other critical code) as a result.