Microsoft disables RemoteFX vGPU in all Windows Server versions due to unpatched vulnerability


Microsoft has disabled RemoteFX vGPU for all Windows servers in the July 2020 Cumulative update because of an unpatched CVE-2020-1036 vulnerability

Microsoft yesterday released the July 2020 cumulative update for PCs and laptops running Windows 10. It simultaneously released the KB4569509 patch for Windows Server versions to fix the SIGRed Windows DNS flaw, which could have enabled a potential hacker to take complete control of systems running Windows Server.

The Windows Server patches rolled out by Microsoft also make a very important change to RemoteFX vGPU. The new patch disables RemoteFX vGPU, and Microsoft wants all sysadmins using Windows Server to patch their systems so that RemoteFX vGPU is disabled.

What is RemoteFX vGPU?

The RemoteFX vGPU feature, which was introduced with Windows 7, exists in Windows Server versions. The vGPU feature for RemoteFX makes it possible for multiple virtual machines to share a physical GPU. Rendering and compute resources are shared dynamically among virtual machines, making RemoteFX vGPU appropriate for high-burst workloads where dedicated GPU resources are not required. For example, in a VDI service, RemoteFX vGPU can be used to offload app rendering costs to the GPU, with the effect of decreasing CPU load and improving service scalability.

After the July 2020 cumulative patches for Windows Server versions are installed, RemoteFX vGPU is officially disabled. The reason for this is an unpatched security vulnerability that affects all Windows Server versions. Here is a list of Microsoft’s Windows 10 July 2020 cumulative patches:

July 14 cumulative updates

The security vulnerability in Hyper-V RemoteFX vGPU has been assigned the identifier CVE-2020-1036 and is highly critical. The flaw could allow potential hackers to run arbitrary code by running a specially crafted app on an exposed system. Microsoft says that since it could not patch this vulnerability, it decided to completely disable RemoteFX vGPU.

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system, attacking certain third-party video drivers running on the Hyper-V host. This could then cause the host operating system to execute arbitrary code.

Microsoft security bulletin for CVE-2020-1036.

Microsoft has asked every Windows Server user to apply the July 2020 patch, which will disable the feature and thus remove the vulnerability. It added that it was not aware of CVE-2020-1036 being exploited in the wild.

After installing the patch, sysadmins who want to can enable RemoteFX vGPU manually using Hyper-V Manager or PowerShell cmdlets. However, Microsoft will completely disable the feature starting 9th February 2021.

“The current implementation of RemoteFX vGPU appears susceptible to security vulnerabilities. Because these newly identified vulnerabilities are architectural in nature, and the feature is already removed from newer versions of Windows, the July 14, 2020 security updates and all superseding Windows Updates will disable and remove the RemoteFX vGPU feature. Starting with the July 14, 2020 security updates, this and all superseding Windows Updates will disable the RemoteFX vGPU feature,” the company says.

After installing the July 2020 cumulative patch, if the sysadmin tries to launch a virtual machine configured with the RemoteFX adapter, they would get this error message.

“The virtual machine cannot be started because all the RemoteFX-capable GPUs are disabled in Hyper-V Manager.” “The virtual machine cannot be started because the server has insufficient GPU resources.”

After applying the patch, if the sysadmin enables the vGPU through Hyper-V Manager or PowerShell cmdlets, the Windows Server will warn them.

We no longer support the RemoteFX 3D video adapter. If you are still using this adapter, you may become vulnerable to security risk. Learn more (https://go.microsoft.com/fwlink/?linkid=213976)
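To confirm that RemoteFX vGPU has not been re-enabled on a patched host, an audit along the following lines can be run on each Hyper-V server. This is an added example, not code from Microsoft or from this article; the function name Get-RemoteFxExposure is hypothetical, and it assumes the Hyper-V PowerShell module is installed and the session is elevated.

```powershell
#Requires -Modules Hyper-V
# Added audit example (not from the article). Run elevated on the Hyper-V host.
# Get-RemoteFxExposure is a hypothetical helper name chosen for this example.

function Get-RemoteFxExposure {
    [CmdletBinding()]
    param(
        [string]$ComputerName = $env:COMPUTERNAME
    )

    # On builds where the feature has been removed entirely, the RemoteFX
    # cmdlets may no longer be available; treat that as "nothing to report".
    if (-not (Get-Command Get-VMRemoteFx3dVideoAdapter -ErrorAction SilentlyContinue)) {
        Write-Verbose "RemoteFX cmdlets are not available on this system."
        return
    }

    # Host side: physical GPUs that are still enabled for RemoteFX use.
    Get-VMRemoteFXPhysicalVideoAdapter -ComputerName $ComputerName -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled } |
        ForEach-Object {
            [pscustomobject]@{
                Host  = $ComputerName
                Scope = 'HostGPU'
                Name  = $_.Name
                State = 'EnabledForRemoteFX'
            }
        }

    # Guest side: VMs that still have a RemoteFX 3D video adapter configured.
    Get-VM -ComputerName $ComputerName |
        Get-VMRemoteFx3dVideoAdapter -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Host  = $ComputerName
                Scope = 'VMAdapter'
                Name  = $_.VMName
                State = 'RemoteFX3DAdapterAttached'
            }
        }
}

# Empty output means no GPU is enabled for RemoteFX and no VM carries the adapter.
Get-RemoteFxExposure | Format-Table -AutoSize
```

Any row in the output marks a host GPU or VM that still depends on the feature; the Hyper-V module's Disable-VMRemoteFXPhysicalVideoAdapter and Remove-VMRemoteFx3dVideoAdapter cmdlets are the corresponding cleanup steps.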
