Microsoft disclosed and patched several Windows Hyper-V elevation of privilege vulnerabilities tracked as CVE-2022-21901, CVE-2023-36427, CVE-2024-43624, and CVE-2025-54098. The advisories identify a recurring security issue affecting Hyper-V components, including one flaw specifically tied to Hyper-V Shared Virtual Disk, with each entry published through Microsoft's Security Update Guide and related advisory portals.
The vulnerabilities could allow attackers to gain higher privileges on affected Windows systems running Hyper-V, increasing the risk to virtualized environments and hosts that rely on Microsoft's hypervisor stack. Organizations using Hyper-V should review the relevant Microsoft advisories, determine exposure across guest and host infrastructure, and prioritize deployment of the corresponding security updates to reduce the chance of privilege escalation in enterprise virtualization deployments.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
4 events from the most recent confirmed update back to the earliest known activity.
Microsoft published CVE-2025-54098 in its Security Update Guide as a Windows Hyper-V Elevation of Privilege vulnerability.
Microsoft released Security Update Guide details for CVE-2024-43624, identified as a Windows Hyper-V Shared Virtual Disk Elevation of Privilege vulnerability.
Microsoft published Security Update Guide information for CVE-2023-36427, describing it as a Windows Hyper-V Elevation of Privilege vulnerability.
Microsoft added CVE-2022-21901 to its Security Update Guide as a Windows Hyper-V Elevation of Privilege vulnerability.
4 references tracked. Mallory keeps watching after this page renders.
msrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourceportal.msrc.microsoft.com
Open sourceportal.msrc.microsoft.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.