CVE Tools
Back to blog

Hyper-V's VMSwitch use-after-free: a guest VM that walks out onto the host (CVE-2026-57092)

The highest-scored bug in Microsoft's July 2026 Patch Tuesday — CVSS 9.9, patched, no public exploit yet

Hyper-V's VMSwitch use-after-free: a guest VM that walks out onto the host (CVE-2026-57092). The highest-scored bug in Microsoft's July 2026 Patch Tuesday — CVSS 9.9, patched, no public exploit yet.
Hyper-V's VMSwitch use-after-free: a guest VM that walks out onto the host (CVE-2026-57092). The highest-scored bug in Microsoft's July 2026 Patch Tuesday — CVSS 9.9, patched, no public exploit yet.

Most privilege-escalation bugs let an attacker climb from user to admin on one machine. This one is different: it crosses the wall between a guest virtual machine and the Hyper-V host that runs it. Microsoft's July 2026 update fixes a use-after-free in VMSwitch (vmswitch.sys), the virtual network switch that lives in the host kernel — and a guest that can send traffic on its own virtual NIC can reach it. Take the host, and you take every VM on it.

What the flaw actually is

vmswitch.sys is the Hyper-V virtual switch. It runs in the host kernel (the root partition) as the networking Virtual Service Provider, and every guest's synthetic network adapter talks to it over VMBus, the channel between partitions. To move packets and configure the virtual NIC, a guest sends RNDIS messages and OID requests into that host-side code. In other words, ordinary guest network activity drives complex parsing inside the host kernel — no host credentials required.

The bug is a use-after-free (CWE-416): while VMSwitch handles a crafted sequence of those guest-supplied requests, it frees an object and then keeps using a stale pointer to it. Because that code runs in the host kernel, controlling the freed memory turns into code execution on the host. Microsoft hasn't published the exact object or trigger, and no reverse-engineering write-up is public yet — but the shape is well understood from earlier VMSwitch bugs.

The exploitation chain

The path from a foothold in a guest to full host compromise is short, and there are only two places worth spending money to break it: shrink who can run untrusted guests, and patch. The diagram traces the chain and marks those chokepoints.

CVE-2026-57092 — guest → host escape via Hyper-V VMSwitch

  1. VMSwitch use-after-free (9.9, guest→host) — A use-after-free in host-kernel vmswitch.sys. Starting point: an attacker who can run code inside a guest VM.
  2. Foothold inside a guest VM — The attacker needs code execution / network-send ability inside a guest (PR:L). On multi-tenant, VDI and cloud hosts, that's just a normal tenant.
  3. Send crafted RNDIS/OID packets over VMBus — The guest's synthetic NIC sends RNDIS messages and OID requests across VMBus to the host VMSwitch, driving stateful parsing in host-kernel code.
  4. Trigger the use-after-free in vmswitch.sys — A crafted sequence frees an object and reuses a stale pointer inside the host-side switch. (Exact object not disclosed by Microsoft.)
  5. Escape the VM boundary → SYSTEM on the host — Controlling the freed allocation yields code execution in the host kernel — scope change, full host compromise. ATT&CK T1611 (Escape to Host) + T1068.
  6. Impact: every co-tenant guest on that host — Host takeover exposes all other VMs on the host — the reason guest-to-host escapes are prized by ransomware and espionage crews.
  7. PREVENT: limit untrusted-guest co-tenancy; restrict VM create/run — Removing the attacker's foothold path — who can run guests, and next to what — is the cheapest control before the host is patched.
  8. PATCH (the real fix): July 14 2026 cumulative — no workaround — The only control that removes the vulnerable code path. Gate on OS build vs the July KB. This neutralizes the whole chain.
  9. DETECT (weak): host bugcheck / vmswitch.sys minidump — A failed exploit may bugcheck the host (Event 1001/41); confirm vmswitch.sys in the minidump. Low-fidelity — inventory + patch-state is the reliable signal.

Am I affected?

Only hosts with the Hyper-V role/feature enabled load vmswitch.sys, so if you don't run Hyper-V you're not exposed. The bug spans the full supported Windows and Windows Server range that ships Hyper-V. The fix ships only inside the July 14, 2026 cumulative update — there is no standalone hotfix — so confirm the OS build, not a driver version.

OS (build)July 2026 KBFixed build
Windows 11 24H2 / Server 2025 (26100); Win11 25H2 (26200)KB510165026100.8875 / 26200.8875
Windows Server 2022 (20348)KB509954020348.5386
Windows Server 2019 / Windows 10 1809 (17763)KB509953817763.9020
Windows 10 22H2 / 21H2 (19045 / 19044)KB509953919045.7548 / 19044.7548
Windows Server 2016 (14393); Server 2012 R2 (9600)in scope — confirm July KB on update history

Exploited in the wild? Stated carefully

As of 2026-07-15: no public proof-of-concept, not on CISA KEV, no EPSS score published, and no in-the-wild reports. Microsoft rates it “Exploitation Less Likely” and the temporal vector carries E:U (exploit code unproven). This landed in a record Patch Tuesday whose actual exploited zero-days were a different set — an AD FS bug (CVE-2026-56155) and a SharePoint bug (CVE-2026-56164). This one's notability is its severity and class, not its exploit maturity.

CVE-2026-57092 — disclosure to now

  1. CVE reserved
    Identifier allocated ahead of the July release.
    source
  2. Published + patched (July Patch Tuesday)
    CVSS 9.9, Exploitation Less Likely; not exploited, not publicly disclosed at release.
    source
  3. Status today
    No public PoC, not on KEV, no EPSS score yet, no in-the-wild reports.
    source

Detection & hunting

Be honest about the ceiling: a kernel-mode use-after-free leaves almost no telemetry when it succeeds, and there is no CVE-specific Sigma, Nuclei, Snort or Defender rule published. The only host-side signal is the opposite of success — a failed attempt that bugchecks the host — plus knowing which hosts are unpatched. So detection here is really inventory + patch-state, with crash-correlation as a weak triage lead.

  • Scope exposure: is Hyper-V enabled (Get-WindowsOptionalFeature / Get-WindowsFeature), and does Get-VMSwitch return a switch? If not, vmswitch.sys isn't even loaded.
  • Gate patch state on OS build, not the driver string — compare each host's build/UBR to the July fixed build for its SKU.
  • Crash-correlation (weak): on inventoried Hyper-V hosts, a bugcheck (System log Event ID 1001 + Kernel-Power Event ID 41) is worth a look — confirm vmswitch.sys as the faulting module in the minidump (!analyze -v). It usually means a failed attempt or unrelated instability, not proof of compromise.
  • MDE/TVM: DeviceTvmSoftwareVulnerabilities | where CveId == "CVE-2026-57092" lists hosts still flagged as missing the fix once TVM ingests the CVE.
# Flag Hyper-V hosts NOT on the July 2026 fixed build (run local or via Invoke-Command)
$fixed = @{'26100'='26100.8875';'26200'='26200.8875';'20348'='20348.5386';
           '17763'='17763.9020';'19045'='19045.7548';'19044'='19044.7548'}
$hv = (Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -EA SilentlyContinue).State
if (-not $hv) { try { $hv = (Get-WindowsFeature Hyper-V -EA Stop).InstallState } catch {} }
$cv  = [Environment]::OSVersion.Version
$ubr = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').UBR
$cur = "$($cv.Build).$ubr"; $req = $fixed[[string]$cv.Build]
$patched = if ($req) { [version]$cur -ge [version]$req } else { $null }   # $null = confirm SKU vs MSRC
[pscustomobject]@{ Host=$env:COMPUTERNAME; HyperV=$hv; OSBuild=$cur;
  FixedRequired=$req; Patched=$patched;
  Exposed=(($hv -match 'Enabled|Installed') -and $patched -ne $true) } | Format-List

What to do now

  1. Inventory your Hyper-V hosts and their build state (script above).
  2. Patch first the hosts that carry untrusted or multi-tenant guests — cloud, VDI, DMZ VM hosts. That's where a guest can actually reach the vulnerable path.
  3. Apply the July 14, 2026 cumulative update and reboot. There is no workaround; patching is the only fix.
  4. Can't patch yet? You can't disable VMSwitch on a working host, so reduce blast radius: restrict who can create/run VMs, isolate the Hyper-V management plane, and treat untrusted guests as hostile until the host is patched.
  5. Verify every host's build is at or above the fixed build, fleet-wide.

FAQ

Is CVE-2026-57092 being exploited?
Not as of 2026-07-15 — no public PoC, not on CISA KEV, and Microsoft rates it Exploitation Less Likely. But the fix is out and this bug class has matured into public PoCs before, so patch it on your next Hyper-V window.
I don't run Hyper-V. Am I affected?
No. vmswitch.sys only loads on hosts with the Hyper-V role/feature enabled. Confirm with Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V (client) or Get-WindowsFeature Hyper-V (server).
Is there a workaround if I can't patch immediately?
No vendor workaround — the July 2026 cumulative update is the only fix. You can reduce blast radius by restricting who can run VMs and isolating untrusted guests, but that doesn't remove the vulnerable code.
Why is a low-privilege guest bug scored 9.9?
Because it crosses the VM boundary (CVSS scope Changed): a guest escapes to the Hyper-V host, compromising the host and every other VM on it. That impact, not the starting privilege, drives the score.

Sources