{"id":58004,"date":"2025-01-15T01:33:04","date_gmt":"2025-01-15T01:33:04","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\/"},"modified":"2025-01-15T01:33:04","modified_gmt":"2025-01-15T01:33:04","slug":"microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\/","title":{"rendered":"Microsoft fixes under-attack privilege-escalation holes in Hyper-V"},"content":{"rendered":"<p><span class=\"label\">Patch Tuesday<\/span> The first Patch Tuesday of 2025 has seen Microsoft address three under-attack privilege-escalation flaws in its Hyper-V hypervisor, plus plenty more problems that deserve your attention.<\/p>\n<p>The Hyper-V vulnerabilities are <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-21333\">CVE-2025-21333<\/a>, <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-21334\">CVE-2025-21334<\/a>, and <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-21335\">CVE-2025-21335<\/a>, and were already being exploited in the wild as zero-days. They are rated important in terms of severity, score 7.8 out of 10 on the CVSS scale, and involve abusing memory-safety bugs: Two use-after-free, and one heap buffer overflow.<\/p>\n<p>That\u2019s scary because they can allow an attacker to gain SYSTEM privileges \u2013 the ultimate position of power on a Windows box. That said, the vulnerabilities are not billed as guest escapes, and instead we&#8217;re told they simply allow a rogue user or malware already on a machine to gain top privileges. Whatever the problem is, it&#8217;s present in Windows 10 and 11, plus Windows Server\u2019s 2022 and 2025 releases.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z4dt-9LKBFgr2WSMoEj0-gAAABc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z4dt-9LKBFgr2WSMoEj0-gAAABc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Microsoft has not detailed the extent nor nature of the in-the-wild exploitation.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Z4dt-9LKBFgr2WSMoEj0-gAAABc&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Z4dt-9LKBFgr2WSMoEj0-gAAABc&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Z4dt-9LKBFgr2WSMoEj0-gAAABc&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Z4dt-9LKBFgr2WSMoEj0-gAAABc&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>Redmond\u2019s patch drop also contains three fixes for flaws rated 9.8 out of 10, and therefore considered critical.<\/p>\n<p>The first, <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-21311\">CVE-2025-21311<\/a>, is another elevation-of-privilege flaw, this time in the NTMLv1 authentication system, and can be exploited remotely. While a patch is available, Redmond added a mitigation strategy: Set LmCompatibilityLevel to its maximum value (5). This blocks NTLMv1 while still allowing NTLM2 to function.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Z4dt-9LKBFgr2WSMoEj0-gAAABc&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Z4dt-9LKBFgr2WSMoEj0-gAAABc&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>The other two flaws can both facilitate remote code execution. Possibly the more serious issue is in the Windows Object Linking and Embedding (OLE) framework, <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-21298\">CVE-2025-21298<\/a>. Exploitation of this bug may involve a user opening a specially crafted Outlook email. The problem affects Windows 10 and 11, and all supported versions of Windows Server from 2016 onward.<\/p>\n<p>The other 9.8-rated issue, <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-21307\">CVE-2025-21307<\/a>, requires a target to have at least one program actively listening on a Windows Pragmatic General Multicast (PGM) port, PGM being a networking component that allows simultaneous distribution of data to multiple recipients. Microsoft warns that \u201can unauthenticated attacker could exploit the vulnerability by sending specially crafted packets to a Windows Pragmatic General Multicast open socket on the server, without any interaction from the user.\u201d Those poisoned packets could lead to arbitrary code execution on that remote target. Microsoft hasn\u2019t, understandably, said how that happens.<\/p>\n<p>This is a good news\/bad news bug. The good is that PGM does not authenticate requests so it is not recommended to expose it to the public internet, and we assume most of you don&#8217;t. The bad news is those who ignored that advice are exposed.<\/p>\n<div class=\"boxout\" readability=\"12.173410404624\">\n<p>Microsoft rates flaws using <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln-metrics\/cvss\">the CVSS<\/a>, and also its own <a href=\"https:\/\/www.microsoft.com\/en-us\/msrc\/security-update-severity-rating-system?oneroute=true\" target=\"_blank\" rel=\"nofollow noopener\">Security Update Severity Rating System<\/a>, which considers above all else a flaw critical if it can result in unwanted code execution without user interaction. Here are three holes addressed in January&#8217;s Patch Tuesday that have sub-9.0 CVSS scores (ie, non-critical) but are considered critical by the IT titan:<\/p>\n<ul>\n<li>We have <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-21296\">CVE-2025-21296<\/a>, a nasty remote code execution issue with Branchcache \u2013 Redmond&#8217;s networking tool that was ironically supposed to make patch management easier. Luckily, it is only exploitable if you&#8217;re on the same local network and manage to win a time-of-check-to-time-of-use race.<\/li>\n<li>Next up is an issue with Microsoft&#8217;s security client\/server code snappily dubbed the Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) Extended Negotiation (NEGOEX). The patch fixes <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-21295\">CVE-2025-21295<\/a>, which would allow an unauthenticated attacker to &#8220;manipulate system operations in a specific manner&#8221; to remotely run code.<\/li>\n<li>Another on the crit list is <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-21294\">CVE-2025-21294<\/a>, which can be found in Microsoft&#8217;s Digest Authentication procedure. We&#8217;re told: &#8220;An attacker could successfully exploit this vulnerability by connecting to a system which requires digest authentication, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code.&#8221; More memory safety issues, then.<\/li>\n<\/ul>\n<\/div>\n<p>Moving along, the <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2025-Jan\">January patch list<\/a> includes two more sub-9.0 critical flaws, these ones in everyone\u2019s favorite spreadsheet, Excel.<\/p>\n<p>Both <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-21362\">CVE-2025-21362<\/a> and <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-21354\">CVE-2025-21354<\/a> allow code execution if the user can be tricked into opening a malware-packed file, and neither requires special privileges to exploit.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Z4dt-9LKBFgr2WSMoEj0-gAAABc&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Z4dt-9LKBFgr2WSMoEj0-gAAABc&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>&#8220;The worry for these vulnerabilities in Excel is that they are more likely to be exploited in the wild, meaning Microsoft likely suspects they can be weaponized by attackers,&#8221; said Ben McCarthy, lead cyber security engineer at Immersive Labs.<\/p>\n<p>&#8220;With social engineering still being one the main ways for attackers to gain initial access, any vulnerabilities in Excel need to be taken seriously by any company that uses it and patch it immediately.&#8221;<\/p>\n<p>Other fixes harden Remote Desktop services against flaws Microsoft considers critical. <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-21309\">CVE-2025-21309<\/a> and <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-21297\">CVE-2025-21297<\/a> both allow an attacker to exploit either vulnerability &#8220;by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code,&#8221; Microsoft said.<\/p>\n<p>Then there&#8217;s <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-21380\">CVE-2025-21380<\/a>, an Azure Marketplace SaaS resources information disclosure vulnerability; <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-21385\">CVE-2025-21385<\/a>, a Purview info-leak; and <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-21178\">CVE-2025-21178<\/a>, a code execution hole in Visual Studio.<\/p>\n<p>There&#8217;s another summary of the holes over <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.zerodayinitiative.com\/blog\/2025\/1\/14\/the-january-2025-security-update-review\">at the Zero Day Initiative<\/a>.<\/p>\n<h3 class=\"crosshead\">More trouble to handle<\/h3>\n<p>Adobe\u2019s January patches fix flaws in <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/helpx.adobe.com\/security\/products\/photoshop\/apsb25-02.html\">Photoshop<\/a>, <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/helpx.adobe.com\/security\/products\/illustrator-mobile-ios\/apsb25-04.html\">Illustrator<\/a>, <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/helpx.adobe.com\/security\/products\/substance3d_stager\/apsb25-03.html\">Substance3D Stager<\/a>, and <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/helpx.adobe.com\/security\/products\/animate\/apsb25-05.html\">Animate.<\/a><\/p>\n<p>There are vulnerabilities in Photoshop 2024 and 2025 affecting both Windows and macOS that Adobe considers of critical concern as, like Microsoft, it has its own <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/helpx.adobe.com\/au\/security\/severity-ratings.html\">ratings<\/a> that suggest you prioritize fixes for vulns that \u201callow malicious native-code to execute, potentially without a user being aware.\u201d<\/p>\n<p>The Photoshop flaws meet that definition as they make arbitrary code execution a possibility.<\/p>\n<p>Illustrator received fixes for two code execution vulnerabilities, each with a CVSS score of 7.8. Substance 3D Stager addresses five similar flaws, while Animate gets one. All of these vulnerabilities require user interaction and cannot be remotely triggered.<\/p>\n<p>Cisco slipped out a couple of fixes, both of which it rated as medium severity. There&#8217;s <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-snort-rf-bypass-OY8f3pnM\">an issue<\/a> with the Snort intrusion detection system, which means trouble for some other Cisco security software that relies on it.<\/p>\n<p>There&#8217;s also a certification <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-thousandeyes-cert-pqtJUv9N\">validation flaw<\/a> in ThousandEyes Endpoint Agent for macOS and RoomOS (Cisco\u2019s software for meeting room gear) that would allow a remote and unauthenticated user to falsely validate themselves as a trusted host. ThousandEyes Windows systems are safe for now.<\/p>\n<p>Finally SAP <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/support.sap.com\/en\/my-support\/knowledge-base\/security-notes-news\/january-2025.html\">released<\/a> 14 patches for its systems this month with two critical, one high severity, and three medium flaws in NetWeaver Application Server for ABAP and newer ABAP Platform versions. There are also three medium severity flaws in SAP GUI for Windows, Java, and Netweaver that should be fixed.<\/p>\n<p>While we have mentioned plenty of nasties above, this is not the scariest month of patches we\u2019ve reported. But that\u2019s no reason for complacency, as bad actors will doubtless already be trying to flip the calendar from Patch Tuesday to Exploit Wednesday. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2025\/01\/15\/patch_tuesday_january_2025\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Plus: Excel hell, angst for Adobe fans, and life&#8217;s too Snort for Cisco Patch Tuesday\u00a0 The first Patch Tuesday of 2025 has seen Microsoft address three under-attack privilege-escalation flaws in its Hyper-V hypervisor, plus plenty more problems that deserve your attention.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-58004","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Microsoft fixes under-attack privilege-escalation holes in Hyper-V 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft fixes under-attack privilege-escalation holes in Hyper-V 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2025-01-15T01:33:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z4dt-9LKBFgr2WSMoEj0-gAAABc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Microsoft fixes under-attack privilege-escalation holes in Hyper-V\",\"datePublished\":\"2025-01-15T01:33:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\\\/\"},\"wordCount\":1138,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z4dt-9LKBFgr2WSMoEj0-gAAABc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\\\/\",\"name\":\"Microsoft fixes under-attack privilege-escalation holes in Hyper-V 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z4dt-9LKBFgr2WSMoEj0-gAAABc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2025-01-15T01:33:04+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z4dt-9LKBFgr2WSMoEj0-gAAABc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z4dt-9LKBFgr2WSMoEj0-gAAABc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft fixes under-attack privilege-escalation holes in Hyper-V\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft fixes under-attack privilege-escalation holes in Hyper-V 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft fixes under-attack privilege-escalation holes in Hyper-V 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2025-01-15T01:33:04+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z4dt-9LKBFgr2WSMoEj0-gAAABc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Microsoft fixes under-attack privilege-escalation holes in Hyper-V","datePublished":"2025-01-15T01:33:04+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\/"},"wordCount":1138,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z4dt-9LKBFgr2WSMoEj0-gAAABc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\/","url":"https:\/\/www.threatshub.org\/blog\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\/","name":"Microsoft fixes under-attack privilege-escalation holes in Hyper-V 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z4dt-9LKBFgr2WSMoEj0-gAAABc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2025-01-15T01:33:04+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z4dt-9LKBFgr2WSMoEj0-gAAABc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z4dt-9LKBFgr2WSMoEj0-gAAABc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-fixes-under-attack-privilege-escalation-holes-in-hyper-v\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Microsoft fixes under-attack privilege-escalation holes in Hyper-V"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/58004","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=58004"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/58004\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=58004"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=58004"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=58004"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}