Windows 10: Has Windows 10 and Hyper-V introduced "Throwhammer" security Mitigations in Ethernet /...

Windows 10 Hyper-V enables vEthernet adapters, which are bound to RDMA by default, and which cannot be disabled or modified. Any modification of these adapters, and their settings is reverted on reboot. If RDMA bindings cannot be disabled on vEthernet, and if Microsoft has not implemented Throwhammer mitigation, this may open Device Guard enabled systems up toThrowhammer related vulnerabilities [1], unless and until Microsoft has introduced appropriate software mitigations. My question is, has Microsoft addressed Throwhammer vulnerabilities in Hyper-V virtual ethernet adapters?


Microsoft, please make user generated vEthernet adapter binding customizations permanent, instead of reverting them to defaults on boot. Two potential attack surface risks become present: the NetBIOS/LLMNR binding is permanently enabled opening users toNetBIOS/LLMNR poisoning/spoofing attacks, RDMA is permanently enabled potentially exposing people toThrowhammer [2], and any adapter customizations are reset to default upon reboot.


I found a definitive solution to disable vEthernet, unless and until Microsoft fixes these hyper-v security flaws. Simply disable DNS Client and use a better third party DNS client. My solution works, even with Hyper-V enabled. Many of us don't want to disable Hyper-V security, and nothing else allowed me to disable vEthernet in Windows 10 2004. Everything is replaced on reboot, even netbios settings and RDMA which increase attack surface, by vulnerabilities like throwhammer, unless hyper-v has implemented inbuilt mitigations and its a pain to configure potentially hundreds of adapters every single time. Even automating withNvspbind all settings revert on reboot. One way to disable these adapters literally once and for all is to disable "DNScache" aka "Dns Client" service and use a third-party DNS service such asAcrylic , or SimpleDNSCrypt. Be sure to comb through Acrylics configuration with a fine toothed comb because initially your default DNS provider will automatically be set to google or cloudflare. Then point acrylic to your router IP, or preferred DNS server, and set all your adapters DNS settings to 127.0.0.1.


You must disable DNSCache with regedit, here Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache


Set startup to 4, and reboot.


Aside from EventViewer errors clouding up the logs, The only minor caveat is you may see a single adapter constantly and briefly appearing and disappearing underControl Panel\Network and Internet\Network Connections and your device manager window may constantly refresh each time it attempts to install adapters. Another caveat is that initially loading the windows store you will get an error, unless you have previously opened the store with DNScache enabled. After that the store will work indefinitely unless you reset it. Not a big price to pay given how annoying this is, this actually works.

:)

 

Hyper V deativication

Hi Geoffrey,

Hyper-V lets you run an operating system or computer system as a virtual machine on Windows. Before proceeding in disabling
Hyper-V, please create a backup of your files for security purposes.

To disable Hyper-V, please follow the steps below:

• On the Cortana search box, type Turn Windows Features on or off and press
  Enter.
• Look for the Hyper-V folder.
• Uncheck the tick-box next to the main Hyper-V folder and click
  OK.
• Restart your PC.

Should you have further questions, please let us know.

 

How to enable Hyper V windows 10

fwiw;

Operating System Requirements

The Hyper-V
role can be enabled on these versions of Windows 10:

• Windows 10 Enterprise
• Windows 10 Professional
• Windows 10 Education

The Hyper-V role cannot be installed on:

• Windows 10 Home
• Windows 10 Mobile
• Windows 10 Mobile Enterprise

 

Moving Hyper-V to Another Disk

1. Export the virtual machines to the drive where you want to move them (tutorial).
2. When all VMs have been exported, delete them in Hyper-V Manager.
3. When Hyper-V Manager is empty, not showing any VMs, import the previously exported VMs (tutorial). In Option One Step 6 of the tutorial, you need to select Register the virtual machine in-place, or if choosing Option Two in tutorial, select Step 2.

Easy!