Guest Operating Systems

 View Only
  • 1.  Risk of disabling VBS

    Posted Mar 20, 2023 02:21 PM



    We are using VBS (Credential Guard and HVCI) on all our new servers, that are running on VMware.

    Its a really cool feature, but we are limited by the fact, that we cant hot-add memory on our SQL servers.

    Hot-add memory and CPU will not operate for Windows virtual machines when Virtualization Based Security (VBS) is enabled within OS (52584) (


    So im trying to figure out, how big the risk is, of disabling it from a handful of SQL Servers.

    From my understanding, we would be vulnerable to:

    1. Dumping the lsass process, and perform a NTLM attack

    (Our SQL Servers are very limited to who can access them, and they are automatically logged out after 6 hours of inactivity - also SQL Management studio isnt installed on the SQL Server - so people never RDP to them)


    2. Memory injections - Memory integrity enablement | Microsoft Learn


    Im not saying that these things are not serious, but from my understanding, the attack surface is very small on the SQL Servers - since we have already taken several other security measures, to further limit potential exploits based on Microsofts best practice.


    Any thoughts?