Researchers urge hackers to exploit Hyper-V's huge attack surface
At the Hack in the Box security conference in Amsterdam, ERNW security researchers Enno Rey, Felix Wilhelm, and Matthias Luft presented Compromise-as-a-Service: Our PleAZURE (pdf).
The group says they chose to research Hyper-V because there has been “very little research so far,” resulting in only four DoS vulnerabilities in six years. Besides being used in a variety of corporate environments, Hyper-V – aka Windows Server Virtualization – “is also used in a variety of other platforms such as Microsoft Azure or the Xbox One gaming console.”
In a newly released technical paper (pdf) on Hyper-V security, ERNW researchers wrote, “after almost six years on the market, only a handful of Denial-of-Service vulnerabilities were patched. Even though Microsoft’s SDL has an impressive track record of producing secure software, this seems like an unrealistic low amount of vulnerabilities for such complex software.”