Microsoft yesterday sent out cumulative updates for Windows 10 and Windows Server as part of July 2020 Patch Tuesday. While users received the usual round of security patches and issue fixes, there was something else included. Specifically, Microsoft has now disabled Hyper-V RemoteFX vGPU in Windows Server.
Before continuing, it is worth noting that the change takes effect immediately and applies across all Windows Server versions. In its release notes for July 2020 Patch Tuesday, Microsoft says it took the action because of security concerns around RemoteFX vGPU.
More precisely, the concern is a security vulnerability that the company says affects all versions of Windows Server. If exploited, the flaw could let an attacker running code in a guest virtual machine execute arbitrary code on the host operating system. Microsoft points out that no patch exists for this vulnerability, so it was easier to just end support for the feature.
“A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system, attacking certain third-party video drivers running on the Hyper-V host. This could then cause the host operating system to execute arbitrary code,” Microsoft explains in CVE-2020-1036.
RemoteFX vGPU is a component of RemoteFX that debuted in Windows Server 2008 R2 SP1. RemoteFX arrived with Windows 7 as a group of tools that enhance the visual experience of Microsoft’s remote display protocol, Remote Desktop Protocol (RDP).
vGPU extended the abilities of RemoteFX by sharing a virtualized instance of a physical GPU across multiple Windows 7 virtual machines.
It seems Microsoft has acted swiftly to disable the feature. The company says it has not found any instances of an exploit for the vulnerability in the wild. As such, Microsoft says “exploitation is less likely”.
While the feature is officially disabled as of yesterday, users can continue to use RemoteFX vGPU by enabling it manually through PowerShell cmdlets or Hyper-V Manager. That will be possible until Feb 9, 2021, when Microsoft will shut it down completely.
“The current implementation of RemoteFX vGPU appears susceptible to security vulnerabilities. Because these newly identified vulnerabilities are architectural in nature, and the feature is already removed from newer versions of Windows, the July 14, 2020 security updates and all superseding Windows Updates will disable and remove the RemoteFX vGPU feature. Starting with the July 14, 2020 security updates, this and all superseding Windows Updates will disable the RemoteFX vGPU feature,” the company says.
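For administrators who need to know where RemoteFX vGPU is still in use before the final removal, the following is an added audit example, not taken from the article or from Microsoft's advisory. It uses the Hyper-V module's RemoteFX cmdlets to list guests with a RemoteFX 3D adapter attached and host GPUs still enabled for RemoteFX; the function name `Get-RemoteFxVgpuExposure` and the output column names are hypothetical.

```powershell
# Added audit example (not Microsoft's code). Run in an elevated session on a Hyper-V host.
function Get-RemoteFxVgpuExposure {
    [CmdletBinding()]
    param(
        [string]$ComputerName = $env:COMPUTERNAME
    )

    # Once the feature has been removed, the RemoteFX cmdlets may no longer exist.
    foreach ($cmd in 'Get-VMRemoteFx3dVideoAdapter', 'Get-VMRemoteFXPhysicalVideoAdapter') {
        if (-not (Get-Command -Name $cmd -ErrorAction SilentlyContinue)) {
            Write-Warning "$cmd is not available on this system; nothing to audit."
            return
        }
    }

    # Guests that still have a RemoteFX 3D video adapter attached.
    foreach ($vm in Get-VM -ComputerName $ComputerName) {
        $adapter = Get-VMRemoteFx3dVideoAdapter -VM $vm -ErrorAction SilentlyContinue
        if ($adapter) {
            [pscustomobject]@{
                Host   = $ComputerName
                Kind   = 'GuestAdapter'
                Name   = $vm.Name
                Detail = "VM state: $($vm.State)"
            }
        }
    }

    # Physical GPUs on the host that are still enabled for RemoteFX use.
    Get-VMRemoteFXPhysicalVideoAdapter -ComputerName $ComputerName |
        Where-Object { $_.Enabled } |
        ForEach-Object {
            [pscustomobject]@{
                Host   = $ComputerName
                Kind   = 'HostGpu'
                Name   = $_.Name
                Detail = 'Enabled for RemoteFX'
            }
        }
}

# An empty result means no guest adapter or RemoteFX-enabled host GPU was found.
Get-RemoteFxVgpuExposure | Format-Table -AutoSize
```

Guests reported as `GuestAdapter` can have the adapter detached with `Remove-VMRemoteFx3dVideoAdapter`, and GPUs reported as `HostGpu` can be taken out of RemoteFX use with `Disable-VMRemoteFXPhysicalVideoAdapter`.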