Windows 10: Has Windows 10 Hyper-V introduced "Throwhammer" security Mitigations in vEthernet adapters yet?

Discussion in 'AntiVirus, Firewalls and System Security' started by tutu_312, Jul 9, 2020.

  1. tutu_312 Win User

    Has Windows 10 Hyper-V introduced "Throwhammer" security Mitigations in vEthernet adapters yet?


    Windows 10 Hyper-V enables vEthernet adapters, which are bound to RDMA by default, and which cannot be disabled or modified. Any modification of these adapters and their settings is reverted on reboot. If RDMA bindings cannot be disabled on vEthernet, and if Microsoft has not implemented Throwhammer mitigation, this may open Device Guard enabled systems up to Throwhammer-related vulnerabilities, unless Microsoft has introduced appropriate software mitigations. My question is, has Microsoft addressed Throwhammer vulnerabilities in Hyper-V virtual Ethernet adapters?


    Microsoft, please make user generated vEthernet adapter binding customizations permanent, instead of reverting them to defaults on boot. Two potential attack surface risks become present: the NetBT/NetBIOS binding is permanently enabled opening users to spoofing attacks, RDMA is permanently enabled potentially exposing people to Throwhammer, and any adapter customizations are reset to default upon reboot.


    I found a definitive solution to disable vEthernet, unless and until Microsoft fixes these security flaws. Simply disable DNS Client and use a better third-party DNS client. My solution works, even with Hyper-V enabled. Many of us don't want to disable Hyper-V security, and nothing else here worked for me on Windows 10 2004. Everything is replaced on reboot, even NetBIOS settings and RDMA, which increase attack surface through vulnerabilities like Throwhammer, unless Hyper-V has implemented inbuilt mitigations, and it's a pain to configure potentially hundreds of adapters every single time. Even when automating with Nvspbind, all settings revert on reboot. One way to disable these adapters literally ONCE AND FOR ALL is to disable the "DNScache" aka "Dns Client" service and use a third-party DNS service such as Acrylic or SimpleDNSCrypt. Be sure to comb through Acrylic's configuration with a fine-toothed comb, because initially your default DNS provider will automatically be set to Google or Cloudflare. Then point Acrylic to your router IP, or preferred DNS server, and set all your adapters' DNS settings to 127.0.0.1.


    You must disable DNSCache with regedit, here Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache


    Set startup to 4, and reboot.


    Aside from Event Viewer errors clouding up the logs, the only minor caveat is you may see a single adapter constantly and briefly appearing and disappearing under Control Panel\Network and Internet\Network Connections, and your Device Manager window may constantly refresh each time it attempts to install adapters. Another caveat is that initially loading the Windows Store you will get an error, unless you have previously opened the Store with DNScache enabled. After that the Store will work indefinitely unless you reset it. Not a big price to pay given how annoying this is; this actually works.

    :)
     
    tutu_312, Jul 9, 2020
    #1
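
To check whether the RDMA and NetBIOS settings described in the post above have really reverted after a reboot, a read-only audit like the following can be run before and after. It is an added example, not part of the original thread; the function name and baseline file path are hypothetical, and it assumes the NetBT binding is reported under the component ID `ms_netbt`.

```powershell
# Added example: read-only audit, run from an elevated PowerShell session.
function Get-VEthernetExposure {
    # NetBIOS over TCP/IP mode per interface: 0 = from DHCP, 1 = enabled, 2 = disabled
    $nbt = @{}
    Get-CimInstance Win32_NetworkAdapterConfiguration |
        ForEach-Object { $nbt[[int]$_.InterfaceIndex] = $_.TcpipNetbiosOptions }

    Get-NetAdapter -Name 'vEthernet*' -IncludeHidden -ErrorAction SilentlyContinue |
        ForEach-Object {
            $rdma  = Get-NetAdapterRdma -Name $_.Name -ErrorAction SilentlyContinue
            # Assumption: the NetBT protocol binding shows up as ComponentID 'ms_netbt'
            $netbt = Get-NetAdapterBinding -Name $_.Name -AllBindings -ErrorAction SilentlyContinue |
                Where-Object ComponentID -eq 'ms_netbt'
            [pscustomobject]@{
                Name           = $_.Name
                Status         = "$($_.Status)"
                RdmaEnabled    = if ($rdma) { [bool]$rdma.Enabled } else { $null }  # $null = no RDMA entry
                NetBtBound     = [bool]($netbt | Where-Object Enabled)
                NetbiosOptions = "$($nbt[[int]$_.ifIndex])"
            }
        }
}

# Start type of the DNS Client service: 2 = automatic, 4 = disabled
$dnsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache'
"Dnscache Start = $((Get-ItemProperty -Path $dnsKey -Name Start).Start)"

$now = @(Get-VEthernetExposure)
$now | Format-Table -AutoSize

# Hypothetical baseline location; the first run records it, later runs diff against it.
$baseline = Join-Path $env:ProgramData 'vethernet-baseline.json'
if (-not (Test-Path $baseline)) {
    ConvertTo-Json -InputObject $now | Set-Content -Path $baseline
    "Baseline written to $baseline. Re-run after the next reboot."
} else {
    $old = Get-Content -Path $baseline -Raw | ConvertFrom-Json
    $old = @($old)
    if ($old.Count -and $now.Count) {
        # '<=' rows are baseline values, '=>' rows are current values that differ
        Compare-Object $old $now -Property Name, RdmaEnabled, NetBtBound, NetbiosOptions
    } else {
        "No vEthernet adapters in baseline or current state; nothing to compare."
    }
}
```

No output from `Compare-Object` means the adapter settings match the recorded baseline.
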
  2. Steve C Win User

    Duplicate vEthernet Switch Adapters?

    I have two instances of a vEthernet Switch Adapter after installing a VM in Hyper-V. I only have the default switch installed in Hyper-V. How do I remove the greyed-out adapter? Right-clicking does not allow me to delete anything.


     
    Steve C, Jul 9, 2020
    #2
  3. kilitary Win User
    Hyper-V on windows 10 Pro [solved]

    Hi,

    I have a problem setting up Hyper-V on Windows 10 Professional. I tried many steps including: using PowerShell to enable Hyper-V features, using the advanced program setup dialog and using DISM. The Hyper-V software is installed, but can't run any container, saying virtualization should be enabled. It is enabled in the BIOS and process viewer shows it as Virtualization: Enabled. I have success with VirtualBox and VMware on this computer, but not with Hyper-V. I tried fully uninstalling VirtualBox, VMware and Hyper-V, rebooting, then installing Hyper-V, and still no success.

    Tech support says there may be hardware incompatibilities, but doesn't refer to any software/docs to resolve this issue.

    Please help run hyper-V

    Processor: Intel Core i3-4170 CPU @3.70GHz

    Haswell Socket 1150 LGA

    Mainboard: ASUSTeK COMPUTER INC. H81M-K

    BIOS: American Megatrends INC. version 3602 Date 03/26/2018

    PS D:\projects\bp> systeminfo

    OS Name: Microsoft Windows 10 Pro

    OS Version: 10.0.17134 N/A Build 17134

    OS Manufacturer: Microsoft Corporation

    OS Configuration: Standalone Workstation

    OS Build Type: Multiprocessor Free

    Registered Owner: Certified Windows

    Registered Organization:

    Product ID: 00331-10000-00001-AA766

    Original Install Date: 05.05.2018, 6:10:44

    System Boot Time: 11.11.2018, 5:58:05

    System Manufacturer: ASUS

    System Model: All Series

    System Type: x64-based PC

    Processor(s): 1 Processor(s) Installed.

    [01]: Intel64 Family 6 Model 60 Stepping 3 GenuineIntel ~3700 Mhz

    BIOS Version: American Megatrends Inc. 3602, 26.03.2018

    Windows Directory: C:\WINDOWS

    System Directory: C:\WINDOWS\system32

    Boot Device: \Device\HarddiskVolume1

    Input Locale: en-us;English (United States)

    Total Physical Memory: 16 254 MB

    Available Physical Memory: 10 807 MB

    Virtual Memory: Max Size: 31 102 MB

    Virtual Memory: Available: 23 590 MB

    Virtual Memory: In Use: 7 512 MB

    Page File Location(s): C:\pagefile.sys

    D:\pagefile.sys

    Domain: RFGHFGH

    Logon Server: \\FUCKINGCOMPUTER

    Hotfix(s): 7 Hotfix(s) Installed.

    [01]: KB4100347

    [02]: KB4338853

    [03]: KB4343669

    [04]: KB4456655

    [05]: KB4457146

    [06]: KB4462930

    [07]: KB4462933

    Network Card(s): 10 NIC(s) Installed.

    [01]: Hyper-V Virtual Ethernet Adapter

    Connection Name: vEthernet (Коммутатор по у)

    DHCP Enabled: Yes

    DHCP Server: 255.255.255.255

    IP address(es)

    [01]: 172.28.36.145

    [02]: fe80::1d84:a10d:e30b:c0d8

    [02]: Realtek PCIe GbE Family Controller

    Connection Name: sknt

    DHCP Enabled: Yes

    DHCP Server: 192.168.0.1

    IP address(es)

    [01]: 192.168.0.100

    [02]: fe80::8c5a:60bd:5502:7f42

    [03]: Hyper-V Virtual Ethernet Adapter

    Connection Name: vEthernet (DockerNAT)

    DHCP Enabled: No

    IP address(es)

    [01]: 10.0.75.1

    [04]: VirtualBox Host-Only Ethernet Adapter

    Connection Name: VirtualBox Host-Only Network #5

    DHCP Enabled: No

    IP address(es)

    [01]: 192.168.56.1

    [02]: fe80::9920:c9e3:1a62:9b31

    [05]: Hyper-V Virtual Ethernet Adapter

    Connection Name: vEthernet (HvsiIcs)

    Status: Hardware not present

    [06]: VirtualBox Host-Only Ethernet Adapter

    Connection Name: VirtualBox Host-Only Network #6

    DHCP Enabled: No

    IP address(es)

    [01]: 192.168.99.1

    [02]: fe80::71f8:8c5d:6572:3503

    [07]: Hyper-V Virtual Ethernet Adapter

    Connection Name: vEthernet (nat)

    DHCP Enabled: Yes

    DHCP Server: 255.255.255.255

    IP address(es)

    [01]: 172.23.224.1

    [02]: fe80::1861:2221:6f05:f364

    [08]: Hyper-V Virtual Ethernet Adapter

    Connection Name: vEthernet (2b5253f75d3dcd1)

    DHCP Enabled: Yes

    DHCP Server: 255.255.255.255

    IP address(es)

    [01]: 172.31.240.1

    [02]: fe80::7039:6490:4ea0:2010

    [09]: Hyper-V Virtual Ethernet Adapter

    Connection Name: vEthernet (5c881ef6de6c653)

    DHCP Enabled: Yes

    DHCP Server: 255.255.255.255

    IP address(es)

    [01]: 192.168.176.1

    [02]: fe80::1131:3644:1c71:7890

    [10]: Hyper-V Virtual Ethernet Adapter

    Connection Name: vEthernet (e9aabfd7feea2be)

    DHCP Enabled: Yes

    DHCP Server: 255.255.255.255

    IP address(es)

    [01]: 172.18.16.1

    [02]: fe80::a569:9954:e3b2:6f0d

    Hyper-V Requirements: VM Monitor Mode Extensions: Yes

    Virtualization Enabled In Firmware: Yes

    Second Level Address Translation: Yes

    Data Execution Prevention Available: Yes
     
    kilitary, Jul 9, 2020
    #3
  4. CharlesLaMonte Win User

    Problem in getting Hyper-V connecting to internet

    Greetings Ladies and Gentlemen, I have a Windows 10 Pro 64 bit, Windows Defender on a laptop. I update twice daily. I have installed Hyper-V and gotten as far as enabling the vEthernet switch. But I have been unable to get the internal switch enabled. Under Control Panel, Network and Internet, Network Connections I have: vEthernet (default switch) disabled Hyper-V Ethernet system and underneath that I have vEthernet (new virtual switch) disabled Hyper-V Ethernet system. How do I get the best one connected to the internet? I tried enabling but cannot remove either of them and reinstall one. Troubleshooting, both of them, suggested a reboot; that did not do anything. Please tell me how I can correct this. Thank you
     
    CharlesLaMonte, Jul 9, 2020
    #4