CVE-2025-21334: Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
Overview
- Severity
- High (CVSS 7.8)
- CVSS Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
- Category
- Elevation of Privilege
- Exploit Status
- Actively Exploited
- Exploitation Likelihood
- Detected
- Patch Tuesday
- 2025-Jan
- Released
- 2025-01-14
- Last Updated
- 2025-01-15
- EPSS Score
- 6.64% (percentile: 91.2%)
- CISA KEV
- Listed — due 2025-02-04
FAQ
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Does this vulnerability exist in the Hyper-V server?
No, the Hyper-V NT Kernel Integration Virtual Service Provider (VSP) is a component used for communications between the host OS and container-type VMs, such as Windows Sandbox and Microsoft Defender Application Guard (MDAG). It is not in a traditional Hyper-V VM environment. Whereas traditional Hyper-V VMs have a strong boundary between the host and the guest for isolation purposes, container-type VMs like MDAG simulate that they are running on the host. The Hyper-V NT Kernel Integration VSP driver has functionality that enables this simulation.
Microsoft strongly recommends updating to the latest version of Windows to be protected against this vulnerability.
Is this a guest to host type of vulnerability?
No, this is a local elevation of privilege, not any type of guest to host escape.
Affected Products (11)
Windows
- Windows 10 Version 21H2 for x64-based Systems
- Windows Server 2025 (Server Core installation)
- Windows 11 Version 23H2 for ARM64-based Systems
- Windows 11 Version 23H2 for x64-based Systems
- Windows Server 2022, 23H2 Edition (Server Core installation)
- Windows 11 Version 24H2 for ARM64-based Systems
- Windows 11 Version 24H2 for x64-based Systems
- Windows Server 2025
ESU
- Windows 11 Version 22H2 for ARM64-based Systems
- Windows 11 Version 22H2 for x64-based Systems
- Windows 10 Version 22H2 for x64-based Systems
Security Updates (4)
Revision History
- 2025-01-14: Information published.
- 2025-01-15: Added FAQ information. This is an informational change only.