CVE-2021-40461: 
vulnerability analysis and mitigation

Windows Hyper-V Remote Code Execution Vulnerability (CVE-2021-40461) was disclosed on October 12, 2021. This vulnerability affects various versions of Microsoft Windows systems including Windows 10, Windows 11, and Windows Server installations running Hyper-V. The vulnerability is unique from CVE-2021-38672 and was assigned a CVSS v3.1 base score of 9.0 (Critical) by NIST (NVD).

The vulnerability received a CVSS v3.1 base score of 9.0 (Critical) with vector string CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, indicating adjacent network attack vector, low attack complexity, low privileges required, no user interaction, and high impacts on confidentiality, integrity, and availability. Microsoft's assessment differed slightly with a CVSS score of 8.0 (High) and vector string CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H, suggesting higher attack complexity (NVD).

This vulnerability could allow an attacker to execute remote code on affected systems running Hyper-V, potentially compromising the confidentiality, integrity, and availability of the system. The critical severity rating indicates that successful exploitation could lead to significant system compromise (NVD).

Microsoft released security updates to address this vulnerability as part of the October 2021 Patch Tuesday. Multiple KB updates were issued including KB5006672 for Windows 10 version 1809, KB5006667 for version 1909, KB5006670 for versions 2004 and 21H1, KB5006674 for Windows 11, and KB5006699 for Windows Server 2022 (Rapid7).