Summary

On November 12, 2019, Intel published a technical advisory around Intel® Processor Machine Check Error vulnerability that is assigned CVE-2018-12207. Microsoft has released updates to help mitigate this vulnerability for guest Virtual Machines (VMs) but the protection is disabled by default. Enabling this protection requires an action on the Hyper-V hosts running untrusted VMs. Follow the guidance in the "Registry setting" section to enable this protection on the Hyper-V hosts running untrusted VMs.

Registry setting

  • To enable the protection around Intel® Processor Machine Check Error vulnerability (CVE-2018-12207), run the following command in an elevated Command Prompt on the Hyper-V host that run untrusted VMs to set the following registry key:

    reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v IfuErrataMitigations /t REG_DWORD /d 1 /f

Note After executing this command, please shutdown and then restart all Guest VMs running on the Hyper-V host.

  • To disable the protection around Intel® Processor Machine Check Error vulnerability (CVE-2018-12207), run the following command in an elevated Command Prompt on the Hyper-V host that run untrusted VMs to set the following registry key:

    reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v IfuErrataMitigations /t REG_DWORD /d 0 /f

Note After executing this command, please shutdown and then restart all Guest VMs running on the Hyper-V host.

 

Perlu bantuan lainnya?

Ingin opsi lainnya?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.