What is Hyper-V RemoteFX vGPU?
Microsoft Hyper-V is the hypervisor built into Windows Server, enabling virtual machine hosting. RemoteFX vGPU is a Hyper-V feature that allows virtual machines to share access to the host's physical GPU for graphics acceleration — enabling DirectX and OpenGL workloads within VMs for desktop virtualization (VDI) use cases. RemoteFX vGPU acts as a driver layer between the guest VM's virtual GPU and the host's physical GPU, translating GPU commands from the VM into requests serviced by the host hardware. This host-guest boundary is a critical security boundary — commands from a VM guest should never be able to influence the host OS's execution. Improper input validation in the RemoteFX vGPU driver on the host side allows crafted input from within a guest VM to corrupt host memory, enabling a VM escape.
Overview
CVE-2020-1040 is an improper input validation (CWE-20) vulnerability in Microsoft Hyper-V's RemoteFX vGPU component that allows an authenticated user within a guest virtual machine to execute code on the Hyper-V host by sending crafted vGPU input. This is a VM escape vulnerability — code execution in a guest VM leads to code execution in the host hypervisor context, which can then affect all VMs on the host. It was patched in the July 2020 Patch Tuesday release alongside CVE-2020-1036 (another RemoteFX RCE). Due to fundamental security issues with RemoteFX vGPU, Microsoft subsequently released KB4570006 in September 2020 to permanently remove the feature from Windows. CISA added it to the Known Exploited Vulnerabilities (KEV) catalog in November 2021.
Affected Versions
| Product | Vulnerable | Fixed |
|---|---|---|
| Windows Server 2016 (Server Core and Full) | Yes | July 2020 Patch Tuesday |
| Windows 10 Version 1903/1909 for x64 | Yes | July 2020 Patch Tuesday |
| Windows 10 Version 2004 for x64 | Yes | July 2020 Patch Tuesday |
Technical Details
- Root cause: Improper input validation (CWE-20) in the Hyper-V host's RemoteFX vGPU driver — the host-side RemoteFX driver processes GPU command streams originating from guest VMs; the driver fails to properly validate the bounds or format of GPU commands received from the guest; crafted input exploits this to corrupt host-side memory, overwriting code pointers or control structures in the Hyper-V process to redirect execution
- VM escape (AV:A): The Attack Vector is Adjacent (A) rather than Network — the attacker must have code execution inside a guest VM to send crafted vGPU commands; this is not a pure remote attack but a privilege escalation across the VM/host boundary; once inside a guest VM (via any means), the attacker uses CVE-2020-1040 to escape to the host
- Scope: Changed (S:C): S:C reflects the security boundary crossing from guest VM to host hypervisor — the attacker moves from an isolated VM context to the host OS that controls all VMs on the physical server; full host compromise allows reading/modifying all VMs' memory and disk, persisting across VM reboots, and affecting the entire virtualized infrastructure
- PR:L (authenticated guest user): Any user authenticated to a guest VM with RemoteFX vGPU enabled can trigger the exploit — no guest administrator privileges are required, making this exploitable from any user account inside the VM
- Microsoft's response — feature removal: The severity of CVE-2020-1040 and related RemoteFX vulnerabilities led Microsoft to take the unusual step of permanently removing RemoteFX vGPU from Windows via KB4570006 (September 2020), indicating that the feature's security architecture had fundamental flaws that could not be adequately addressed by incremental patches
Discovery
The vulnerability was identified and reported to Microsoft by security researchers. Microsoft patched CVE-2020-1040 alongside CVE-2020-1036 in the July 2020 Patch Tuesday release. The subsequent decision to remove RemoteFX vGPU entirely (KB4570006, September 2020) suggests Microsoft's internal analysis concluded that the feature's design made it inherently difficult to secure against VM escape.
Exploitation Context
VM escape vulnerabilities are among the most severe in virtualization security because they undermine the fundamental isolation guarantee of hypervisors. In multi-tenant cloud and VDI environments, a guest VM user who escapes to the host can access data and VMs belonging to other tenants or users. CVE-2020-1040 requires code execution inside a guest VM as a prerequisite — typically achievable via software vulnerabilities in applications running inside the VM. An attacker who exploits a user-space vulnerability in a VM application, then uses CVE-2020-1040 to escape to the host, achieves full physical server compromise from a single application vulnerability.
Remediation
- Apply July 2020 Patch Tuesday security updates — patches CVE-2020-1040 in RemoteFX vGPU
- Apply KB4570006 (September 2020) — removes RemoteFX vGPU entirely from Windows; this is Microsoft's recommended long-term remediation and eliminates the attack surface
- If RemoteFX vGPU is required for VDI workloads: after patching, evaluate migrating to alternative GPU virtualization solutions (NVIDIA vGPU, AMD MxGPU, or Azure Virtual Desktop with modern GPU support) that do not rely on RemoteFX
- Disable RemoteFX vGPU manually via Group Policy or Hyper-V Manager if KB4570006 cannot be applied immediately: Computer Configuration → Administrative Templates → Windows Components → Remote Desktop Services → Remote Desktop Session Host → RemoteFX for Windows Server 2008 R2
- Apply July 2020 patches to all Windows Server Hyper-V hosts in the environment — prioritize hosts running VDI workloads where RemoteFX vGPU was enabled
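To find which hosts still expose the RemoteFX vGPU attack surface, the following added example (not Microsoft's code or part of the original advisory) inventories both sides of the feature with the Hyper-V PowerShell module: VMs that still have a RemoteFX 3D video adapter attached, and host GPUs still enabled for RemoteFX. The parameter names `ComputerName` and `Remediate` are this example's own; it assumes an elevated session with the Hyper-V module installed.

```powershell
#Requires -Modules Hyper-V
[CmdletBinding(SupportsShouldProcess)]
param(
    [string[]]$ComputerName = 'localhost',  # assumption: Hyper-V hosts to audit
    [switch]$Remediate                      # also detach/disable what is found
)

foreach ($hvHost in $ComputerName) {
    # Guest-facing side: VMs that still have a RemoteFX 3D video adapter attached.
    $vmAdapters = @(Get-VM -ComputerName $hvHost |
        Get-VMRemoteFx3dVideoAdapter -ErrorAction SilentlyContinue)

    # Host-facing side: physical GPUs still enabled for RemoteFX use.
    $hostGpus = @(Get-VMRemoteFXPhysicalVideoAdapter -ComputerName $hvHost -ErrorAction SilentlyContinue |
        Where-Object Enabled)

    if ($Remediate) {
        foreach ($a in $vmAdapters) {
            if ($PSCmdlet.ShouldProcess("$hvHost\$($a.VMName)", 'Remove RemoteFX 3D video adapter')) {
                $a | Remove-VMRemoteFx3dVideoAdapter
            }
        }
        foreach ($g in $hostGpus) {
            if ($PSCmdlet.ShouldProcess("$hvHost\$($g.Name)", 'Disable GPU for RemoteFX')) {
                $g | Disable-VMRemoteFXPhysicalVideoAdapter
            }
        }
    }

    # One summary row per host; values reflect the state found before any change.
    [pscustomobject]@{
        Host            = $hvHost
        VMsWithRemoteFX = $vmAdapters.VMName | Sort-Object -Unique
        RemoteFXGpus    = $hostGpus.Name
        Exposed         = ($vmAdapters.Count -gt 0) -or ($hostGpus.Count -gt 0)
    }
}
```

Without `-Remediate` the script is read-only; with `-Remediate -WhatIf` it lists the adapters it would detach or disable without changing anything.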
Key Details
| Property | Value |
|---|---|
| CVE ID | CVE-2020-1040 |
| Vendor / Product | Microsoft — Hyper-V RemoteFX |
| NVD Published | 2020-07-14 |
| NVD Last Modified | 2025-10-29 |
| CVSS 3.1 Score | 9 |
| CVSS 3.1 Vector | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| Severity | CRITICAL |
| CWE | CWE-20 |
| CISA KEV Added | 2021-11-03 |
| CISA KEV Deadline | 2022-05-03 |
| Known Ransomware Use | No |
Timeline
| Date | Event |
|---|---|
| 2020-07-14 | July 2020 Patch Tuesday patches CVE-2020-1040 (and companion CVE-2020-1036) in Hyper-V RemoteFX vGPU |
| 2020-09-08 | Microsoft releases KB4570006, which disables and removes RemoteFX vGPU entirely due to fundamental security concerns about the feature |
| 2021-11-03 | Added to CISA Known Exploited Vulnerabilities catalog |
| 2022-05-03 | CISA BOD 22-01 remediation deadline |