The security of Microsoft’s cloud services is a top priority for us. One of the technologies that is central to cloud security is Microsoft Hyper-V which we use to isolate tenants from one another in the cloud. Given the importance of this technology, Microsoft has made and continues to make significant investment in the security of Hyper-V and the powerful security features that it enables, such as Virtualization-Based Security (VBS). To reinforce this commitment, Microsoft offers rewards of up to $250,000 USD for the discovery of vulnerabilities in Hyper-V through our Hyper-V Bounty Program.
We would like to share with the security community that we have now released debugging symbols for many of the core components in Hyper-V, with some exceptions such as the hypervisor where we would like to avoid our customers taking a dependency on undocumented hypercalls for instance.
The symbols that have been made available allow security researchers to better analyze Hyper-V’s implementation and report any vulnerabilities that may exist as part of our Hyper-V Bounty Program. The list of the components that now have debugging symbols available can be found at this blogpost by the Microsoft Virtualization team.
We believe this is a step towards contributing more and more from our internal knowledge back to the security research community. As always, please let us know if you find any new vulnerabilities at secure@microsoft.com , or if you have any other questions @msftsecresponse.
MSRC Vulnerabilities and Mitigations Team