Hardening Hyper-V through Offensive Security Research

The presentation discusses the security measures and mitigations implemented in Hyper-V components, including moving more components into user mode and implementing hardware-based security features.

• Hyper-V components are being moved into user mode for better security posture
• Mitigations such as hvc and K CFG are being implemented for general hardening
• Investment in hardware-based security features such as CT is being made
• VSPs in the worker process provide isolation on a per VM basis
• Worker process is being further hardened to prevent escalation to kernel level
• Hyper-V Avanti bounty program offers high rewards for finding vulnerabilities

The presenter demonstrated how an exploit that worked the first time was worth $250,000 to Microsoft, and how the company is investing in security features implemented in hardware. They also showed how VSPs in the worker process provide isolation on a per VM basis, and how the worker process is being further hardened to prevent escalation to kernel level. The presenter also mentioned the Hyper-V Avanti bounty program, which offers high rewards for finding vulnerabilities.

Virtualization technology is fast becoming the backbone of the security strategy for modern computing platforms. Hyper-V, Microsoft's virtualization stack, is no exception and is therefore held to a high security standard, as is demonstrated by its $250,000 public bug bounty program. As one might expect, Microsoft's own engineers are continually looking for vulnerabilities in the code that makes up their products. Perhaps more unexpectedly, Microsoft also develops exploits for these products in an effort to gain a better understanding of the techniques involved and mitigate them before they can be used against customers. In this talk, we will relate how Microsoft's Offensive Security Research (OSR) team did just that with Hyper-V by discovering CVE-2017-0075, developing relevant and novel exploitation techniques to exploit it, and finally contributing learnings to Hyper-V hardening efforts. The presentation will detail every step of this process in great detail, culminating in a live Hyper-Pwning demonstration.