CVE-2021-31977 – This vulnerability in Windows Hyper-V allows an... (How to Fix)

Q: What is the severity of CVE-2021-31977?

CVE-2021-31977 has a CVSS score of 8.6 (HIGH). This vulnerability in Windows Hyper-V allows an authenticated attacker on a guest virtual machine to send specially crafted requests to the host, causing a denial of service (host crash). It affects Windows Server systems running Hyper-V virtualization.

📋 TL;DR

This vulnerability in Windows Hyper-V allows an authenticated attacker on a guest virtual machine to send specially crafted requests to the host, causing a denial of service (host crash). It affects Windows Server systems running Hyper-V virtualization.

💻 Affected Systems

Products:

Windows Server

Versions: Windows Server 2019, Windows Server 2022, Windows Server version 2004, 20H2

Operating Systems: Windows Server

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with Hyper-V role enabled. Client Windows versions not affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete host system crash requiring physical reboot, disrupting all virtual machines running on that host.

🟠

Likely Case

Hyper-V host becomes unresponsive, requiring manual restart and causing downtime for all hosted VMs.

🟢

If Mitigated

With proper network segmentation and access controls, impact is limited to isolated virtualization environments.

🌐 Internet-Facing: LOW - Requires authenticated access to a guest VM, not directly exploitable from internet.

🏢 Internal Only: MEDIUM - Malicious insider or compromised guest VM could exploit this to disrupt virtualization infrastructure.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires authenticated access to a guest VM and knowledge of Hyper-V internals.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: June 2021 security updates (KB5003637 for Server 2019, KB5003635 for Server 2022)

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31977

Restart Required: Yes

Instructions:

1. Apply June 2021 Windows Server security updates via Windows Update. 2. Restart the Hyper-V host server. 3. Verify patch installation with 'systeminfo' command.

🔧 Temporary Workarounds

Disable Hyper-V

windows

Remove Hyper-V role if not required, eliminating attack surface

Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-All

Network segmentation

all

Isolate Hyper-V management network from guest VM networks

🧯 If You Can't Patch

Implement strict access controls to guest VMs and monitor for suspicious activity
Segment virtualization infrastructure and implement network monitoring for Hyper-V traffic anomalies

🔍 How to Verify

Check if Vulnerable:

Check if Hyper-V role is enabled and Windows Server version is affected (2019, 2022, 2004, 20H2)

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify June 2021 security updates are installed via 'systeminfo' or 'Get-HotFix -Id KB5003637'

📡 Detection & Monitoring

Log Indicators:

Event ID 41 - Kernel-Power (unexpected shutdown)
Hyper-V event logs showing VM connection issues

Network Indicators:

Unusual Hyper-V management protocol traffic from guest VMs

SIEM Query:

EventID=41 AND Source="Microsoft-Windows-Kernel-Power" AND ComputerName contains "HV"

📊 Metadata

CVE ID: CVE-2021-31977

CVSS v3 Score: 8.6 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE: CWE-119

Published: June 8, 2021

Last Updated: November 21, 2024

🔗 References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31977 Patch,Vendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31977 Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-31977, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 by Microsoft

Windows 10 by Microsoft

Windows 10 by Microsoft

Windows 10 by Microsoft

Windows 10 by Microsoft

Windows 10 by Microsoft

Windows 10 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2019 by Microsoft

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable Hyper-V

Network segmentation

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities