Guest Operating Systems

  • 1.  Risk of disabling VBS

    Posted Mar 20, 2023 02:21 PM

    Hi,

    We are using VBS (Credential Guard and HVCI) on all our new servers that are running on VMware.

    It's a really cool feature, but we are limited by the fact that we can't hot-add memory on our SQL servers.

    Hot-add memory and CPU will not operate for Windows virtual machines when Virtualization Based Security (VBS) is enabled within OS (52584) (vmware.com)

    So I'm trying to figure out how big the risk is of disabling it on a handful of SQL Servers.

    From my understanding, we would be vulnerable to:

    1. Dumping the lsass process and performing an NTLM attack

    (Our SQL Servers are very limited in who can access them, and they are automatically logged out after 6 hours of inactivity - also, SQL Management Studio isn't installed on the SQL Server, so people never RDP to them)

    2. Memory injections - Memory integrity enablement | Microsoft Learn

    I'm not saying that these things are not serious, but from my understanding the attack surface is very small on the SQL Servers, since we have already taken several other security measures to further limit potential exploits based on Microsoft's best practice.

     

    Any thoughts?
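
Added example, not part of the original post: a PowerShell inventory check that reports, per server, whether VBS, Credential Guard and HVCI are configured and actually running, so any exception made for the SQL Servers can be verified and tracked. It reads the Win32_DeviceGuard WMI class; the function names and the server name in the sample are hypothetical, and the sample object is constructed.

```powershell
# Decode one Win32_DeviceGuard instance into a readable report row.
# SecurityServices* values: 1 = Credential Guard, 2 = HVCI (memory integrity).
function ConvertTo-VbsReport {
    param(
        [Parameter(Mandatory)] $DeviceGuard,
        [string] $ComputerName = $env:COMPUTERNAME
    )
    $vbsState   = @{ 0 = 'Disabled'; 1 = 'Enabled, not running'; 2 = 'Running' }
    $configured = @($DeviceGuard.SecurityServicesConfigured)
    $running    = @($DeviceGuard.SecurityServicesRunning)
    [pscustomobject]@{
        ComputerName              = $ComputerName
        VbsStatus                 = $vbsState[[int]$DeviceGuard.VirtualizationBasedSecurityStatus]
        CredentialGuardConfigured = $configured -contains 1
        CredentialGuardRunning    = $running -contains 1
        HvciConfigured            = $configured -contains 2
        HvciRunning               = $running -contains 2
    }
}

# Query each server and emit one row per host; failures are warned, not fatal.
function Get-VbsReport {
    param([string[]] $ComputerName = @($env:COMPUTERNAME))
    foreach ($name in $ComputerName) {
        $query = @{
            ClassName   = 'Win32_DeviceGuard'
            Namespace   = 'root\Microsoft\Windows\DeviceGuard'
            ErrorAction = 'Stop'
        }
        # Query the local host directly; remote hosts go over WinRM.
        if ($name -ne $env:COMPUTERNAME) { $query.ComputerName = $name }
        try {
            ConvertTo-VbsReport -DeviceGuard (Get-CimInstance @query) -ComputerName $name
        } catch {
            Write-Warning "${name}: Win32_DeviceGuard query failed: $($_.Exception.Message)"
        }
    }
}

# Constructed sample: VBS running, both services configured, only Credential Guard running.
$sample = [pscustomobject]@{
    VirtualizationBasedSecurityStatus = 2
    SecurityServicesConfigured        = @(1, 2)
    SecurityServicesRunning           = @(1)
}
ConvertTo-VbsReport -DeviceGuard $sample -ComputerName 'SQL01-constructed'
```

A row where a service is configured but not running is worth a closer look, because the policy is set while the protection is not in effect on that host.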