Published: June 2, 2025
Windows PV Drivers Vulnerability and Requests for Updates
Vates has announced the discovery of multiple critical vulnerabilities in the Xen PV drivers used in Windows virtual machines. If exploited, these flaws could enable a non-privileged user within the VM to escalate to system-level privileges, making urgent action necessary.
Affected customers are requested to review the following points carefully and take any necessary actions accordingly.
Eligible Customers
This notice applies to customers who meet all of the conditions listed below:
- Currently under contract for High Response Private Cloud (Xen Type)
- Running Xen PV drivers in a Windows virtual machine on a Xen virtual platform.
※This applies to XenServer VM Tools 9.4.1 or XCP-ng driver versions older than 9.0.9065.
※Virtual machines running an OS other than Windows are not affected.
Impact of This Vulnerability
An attacker who executes arbitrary unprivileged code within a Windows virtual machine may be able to compromise that virtual machine.
What Customers Should Do
- Log in to the Windows VM and check the installation of the Xen PV drivers.
- If the driver is outdated, install the latest version of the Xen PV driver.
For information on how to install the Xen PV drivers, see the following manual:
Inquiries About This Matter
For inquiries regarding this matter, please contact us using the details below.