Most of you will remember that Hyper-V’s parent partition is based on a slimmed-down version of Windows called “Server Core”. Hmmm, could it be that the parent partition is affected?
Yup, it’s affected.
Don’t let the word “Core” mislead you. It’s still a big footprint – about 1GB in size. I’m glad this particular vulnerability isn’t remotely exploitable or I’d really be worried, but we’ve still got to patch the darn thing. And that means taking the server down. Live Migration (introduced with Windows Server 2008 R2) will allow you to move the workloads without downtime, but how many of you have moved to R2?
The lesson from all of this is that thinner is better from a security perspective, and I’d argue that the x86 virtualization platforms that we are installing (ESX, Xen, Hyper-V and so on) are the most important x86 platforms in our data centers. That means patching this layer is paramount. With Hyper-V’s parent partition, that means keeping a close eye on Microsoft’s vulnerability announcements to see if it is affected.