Exploiting the Hyper-V IDE Emulator to Escape the Virtual Machine

Presented at Black Hat USA 2019, Aug. 7, 2019, 11:15 a.m. (50 minutes).

Cloud proliferation continues to increase the world's dependency on the security of virtualization stacks. But like all software stacks, virtualization stacks have vulnerabilities.

In this talk, I'll examine a powerful vulnerability in Hyper-V's emulated storage component that was reported through the Hyper-V bug bounty. Then, I'll demonstrate how I exploited this vulnerability on Windows Server 2012R2.

Next, I'll discuss how Windows has evolved between Windows 2012R2 and Redstone 3. I'll show you how I tried, failed, and then ultimately succeeded in exploiting the same vulnerability on Windows Redstone 3 with numerous hardening measures in place. This will provide empirical evidence for the impact that several years of platform hardening can have on exploitation.

I'll wrap up the talk by discussing the takeaways Microsoft had from this exercise and how we're approaching hardening the Hyper-V stack (and other critical code) as a result.


Presenters:

  • Joe Bialek - Security Engineer, Microsoft
    Joe Bialek is a security engineer in the Microsoft Security Response Center's Vulnerability & Mitigations team. Joe spends his time eliminating vulnerability classes, creating exploit mitigations, and finding security bugs.
