CVE-2024-49117: 
vulnerability analysis and mitigation

Windows Hyper-V Remote Code Execution Vulnerability (CVE-2024-49117) is a Critical vulnerability discovered in December 2024. This vulnerability affects various versions of Windows 11 and Windows Server systems, including Windows 11 22H2, 23H2, 24H2, and Windows Server 2022. The vulnerability has been assigned a CVSS score of 8.8 (High) (CrowdStrike Blog).

The vulnerability requires an authenticated attacker on a guest virtual machine (VM) to send specially crafted file operation requests to hardware resources on the VM, which could result in remote code execution on the host server. While described as 'remote,' the vulnerability actually requires local access to exploit. The vulnerable endpoint is only accessible through the local VM interface, meaning an attacker must already have access to the local machine to carry out the attack (CrowdStrike Blog).

If successfully exploited, this vulnerability allows arbitrary code execution on the host server from a guest virtual machine. This could potentially lead to a complete compromise of the host system, making it particularly concerning for environments running multiple VMs on a single Hyper-V host (CrowdStrike Blog).

Microsoft has released security patches for the affected systems including Windows 11 22H2 (up to version 10.0.22621.4602), Windows 11 23H2 (up to version 10.0.22631.4602), Windows 11 24H2 (up to version 10.0.26100.2605), and Windows Server 2022 (up to version 10.0.20348.2966). Organizations are advised to apply these security updates as soon as possible (NIST NVD).