Along with today's updates, Microsoft has announced that the RemoteFX vGPU feature will be disabled for Hyper-V virtual machines. Microsoft had found a serious vulnerability in this feature, so it will be disabled from now.
The vGPU feature for RemoteFX makes it possible for multiple virtual machines to share a physical GPU. Rendering and compute resources are shared dynamically among virtual machines, making RemoteFX vGPU appropriate for high-burst workloads where dedicated GPU resources are not required. For example, in a VDI service, RemoteFX vGPU can be used to offload app rendering costs to the GPU, with the effect of decreasing CPU load and improving service scalability.
The new vulnerability, with the ID CVE-2020-1036, exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system, attacking certain third-party video drivers running on the Hyper-V host. This could then cause the host operating system to execute arbitrary code.
An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.
There will be no patch to fix this vulnerability. Instead, Microsoft forcibly disables it with cumulative updates. RemoteFX vGPU has been deprecated in Windows Server 2019 and customers are advised to use Discrete Device Assignment (DDA) instead of RemoteFX vGPU.
However, there are scenarios when you need RemoteFX to be enabled at least for one VM launch. Without it, attempts to start virtual machines (VMs) will fail, and messages such as the following will appear:
- “The virtual machine cannot be started because all the RemoteFX-capable GPUs are disabled in Hyper-V Manager.”
- “The virtual machine cannot be started because the server has insufficient GPU resources.”
To re-enable RemoteFX vGPU,
For Windows 10, version 1803 and earlier versions
- To configure RemoteFX vGPU, add the RemoteFX 3D graphics adapter to the virtual machine (VM). For more information, see Configure the RemoteFX vGPU 3D adapter.
- To configure the RemoteFX vGPU 3D adapter, use one of the following methods:
Method 1: Configure RemoteFX vGPU with Hyper-V Manager
- Stop the VM if it's currently running.
- Open Hyper-V Manager and navigate to VM Settings, and then select Add Hardware.
- Select RemoteFX 3D Graphics Adapter, and then select Add.
Method 2: Configure RemoteFX vGPU with PowerShell cmdlets
To configure the RemoteFX vGPU 3D adapter, you must use the following PowerShell cmdlets:
- Add-VMRemoteFx3dVideoAdapter
- Get-VMRemoteFx3dVideoAdapter
- Set-VMRemoteFx3dVideoAdapter
- Get-VMRemoteFXPhysicalVideoAdapter
Support us
Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:
Kudos to Microsoft. They remove features people paid for and give them new Teletubbie icon sets instead.
well.. this is bad..