We place a high priority on the security of Microsoft’s cloud services. Microsoft Hyper-V, which we use to separate tenants in the cloud, is one of the technologies that is essential to cloud security. Microsoft has invested significantly in the security of Hyper-V and the potent security features it enables, such as Virtualization-Based Security (VBS ), in light of the significance of this technology. Microsoft’s Hyper-V Bounty Program, which offers rewards of up to$ 250, 000 USD for finding vulnerabilities in the operating system, serves to reaffirm this commitment.
With a few exceptions, like the hypervisor, where we want to prevent our customers from becoming dependent on undocumented hypercalls for example, we would like to share with the security community that we have now released debugging symbols for many of the core parts of Hyper-V.
Security researchers can more thoroughly examine Hyper-V’s implementation and identify any vulnerabilities that might be present as part of our Hyper- V Bounty Program thanks to the symbols that have been made available. The Microsoft Virtualization team’s blog post contains a list of the components that currently have debugging symbols.
This, in our opinion, is a step toward returning the security research community to more and more of our internal knowledge. As always, if you discover any new vulnerabilities, email [email protected] or msftsecresponse with any additional inquiries.
Team for MSRC Vulnerabilities and Mitigations