Tag Archives: true

Hyper-V Quick Tip: How to Enable Nested Virtualization

Q: How Do I Enable Nested Virtualization for Hyper-V Virtual Machines

A: Pass $true for Set-VMProcessor’s “ExposeVirtualizationExtensions” parameter

In its absolute simplest form:

Set-VMProcessor has several other parameters which you can view in its online help.

As shown above, the first parameter is positional, meaning that it guesses that I supplied a virtual machine’s name because it’s in the first slot and I didn’t tell it otherwise. For interactive work, that’s fine. In scripting, try to always fully-qualify every parameter so that you and other maintainers don’t need to guess:

The Set-VMProcessor cmdlet also accepts pipeline input. Therefore, you can do things like:

Requirements for Nested Virtualization

In order for nested virtualization to work, you must meet all of the following:

  • The Hyper-V host must be at least the Anniversary Edition version of Windows 10, Windows Server 2016, Hyper-V Server 2016, or Windows Server Semi-Annual Channel
  • The Hyper-V host must be using Intel CPUs. AMD is not yet supported
  • A virtual machine must be off to have its processor extensions changed

No configuration changes are necessary for the host.

Microsoft only guarantees that you can run Hyper-V nested within Hyper-V. Other hypervisors may work, but you will not receive support either way. You may have mixed results trying to run different versions of Hyper-V. I am unaware of any support statement on this, but I’ve had problems running mismatched levels of major versions.

Memory Changes for Nested Virtual Machines

Be aware that a virtual machine with virtualization extensions exposed will always use its configured value for Startup memory. You cannot use Dynamic Memory, nor can you change the virtual machine’s fixed memory while it is running.

Remember, as always, I’m here to help, so send me any questions you have on this topic using the question form below and I’ll get back to you as soon as I can.

More Hyper-V Quick Tips from Eric:

Hyper-V Quick Tip: How to Choose a Live Migration Performance Solution

Hyper-V Quick Tip: How Many Cluster Networks Should I Use?

Wanted – MacBook Air 13.3

Hi True Romance,

As discussed, I have a Macbook Air for sale. It unfortunately is more than 2 years old, but is in really good condition. It is a refurb model from OCM, which I ordered on 9 October 2017. It therefore still has the remainder of the 6 months warranty that you get with OCM to give you a piece of mind.

Just for info, this actually I received after my first Mac ended up developing a faulty keyboard. OCM were very good at getting out a replacement which is actually better than the one I did have.

It doesn’t say what year, but it’s almost certainly either later 2013 or early 2014.

It does not have the original box, but I have the box it came in and it will be very well packaged up.

Comes with PAT tested magnetic charger.

Spec is Core i7 1.7 Ghz, 8Gb RAM, 250 Gb SSD, Intel Graphics 5000.

If you were to buy it, I will also chuck in a laptop sleeve (its from an HP Spectre, but it does the job and it’s not at all obvious that its HP!), and if you like, I will chuck in the £6 Mini Display Port to Display Port cable. Using that, I was able to connect to my 21:9 monitor and display 2560×1080 natively which was very nice! I’m assured it will happily go up to 3440×1440.

I’d be looking to get about £500 for it including RMSD.

Let me know if you are interested.

Wanted – MacBook Air 13.3

Hi True Romance,

As discussed, I have a Macbook Air for sale. It unfortunately is more than 2 years old, but is in really good condition. It is a refurb model from OCM, which I ordered on 9 October 2017. It therefore still has the remainder of the 6 months warranty that you get with OCM to give you a piece of mind.

Just for info, this actually I received after my first Mac ended up developing a faulty keyboard. OCM were very good at getting out a replacement which is actually better than the one I did have.

It doesn’t say what year, but it’s almost certainly either later 2013 or early 2014.

It does not have the original box, but I have the box it came in and it will be very well packaged up.

Comes with PAT tested magnetic charger.

Spec is Core i7 1.7 Ghz, 8Gb RAM, 250 Gb SSD, Intel Graphics 5000.

If you were to buy it, I will also chuck in a laptop sleeve (its from an HP Spectre, but it does the job and it’s not at all obvious that its HP!), and if you like, I will chuck in the £6 Mini Display Port to Display Port cable. Using that, I was able to connect to my 21:9 monitor and display 2560×1080 natively which was very nice! I’m assured it will happily go up to 3440×1440.

I’d be looking to get about £500 for it including RMSD.

Let me know if you are interested.

Wanted – MacBook Air 13.3

Hi True Romance,

As discussed, I have a Macbook Air for sale. It unfortunately is more than 2 years old, but is in really good condition. It is a refurb model from OCM, which I ordered on 9 October 2017. It therefore still has the remainder of the 6 months warranty that you get with OCM to give you a piece of mind.

Just for info, this actually I received after my first Mac ended up developing a faulty keyboard. OCM were very good at getting out a replacement which is actually better than the one I did have.

It doesn’t say what year, but it’s almost certainly either later 2013 or early 2014.

It does not have the original box, but I have the box it came in and it will be very well packaged up.

Comes with PAT tested magnetic charger.

Spec is Core i7 1.7 Ghz, 8Gb RAM, 250 Gb SSD, Intel Graphics 5000.

If you were to buy it, I will also chuck in a laptop sleeve (its from an HP Spectre, but it does the job and it’s not at all obvious that its HP!), and if you like, I will chuck in the £6 Mini Display Port to Display Port cable. Using that, I was able to connect to my 21:9 monitor and display 2560×1080 natively which was very nice! I’m assured it will happily go up to 3440×1440.

I’d be looking to get about £500 for it including RMSD.

Let me know if you are interested.

Wanted – MacBook Air 13.3

Hi True Romance,

As discussed, I have a Macbook Air for sale. It unfortunately is more than 2 years old, but is in really good condition. It is a refurb model from OCM, which I ordered on 9 October 2017. It therefore still has the remainder of the 6 months warranty that you get with OCM to give you a piece of mind.

Just for info, this actually I received after my first Mac ended up developing a faulty keyboard. OCM were very good at getting out a replacement which is actually better than the one I did have.

It doesn’t say what year, but it’s almost certainly either later 2013 or early 2014.

It does not have the original box, but I have the box it came in and it will be very well packaged up.

Comes with PAT tested magnetic charger.

Spec is Core i7 1.7 Ghz, 8Gb RAM, 250 Gb SSD, Intel Graphics 5000.

If you were to buy it, I will also chuck in a laptop sleeve (its from an HP Spectre, but it does the job and it’s not at all obvious that its HP!), and if you like, I will chuck in the £6 Mini Display Port to Display Port cable. Using that, I was able to connect to my 21:9 monitor and display 2560×1080 natively which was very nice! I’m assured it will happily go up to 3440×1440.

I’d be looking to get about £500 for it including RMSD.

Let me know if you are interested.

For Sale – GTX 970 GAMING 4G

Ok no worries. It was a pretty generous offer, £5 more than the maximum price I would expect one of these to go for in 2017. It is 3 years old now, don’t forget. Without the current mining craze you would be looking at lower than £100.

As I said before, I only offered the higher price as I am looking to upgrade ASAP and your card looks decent quality.

But, I wish you the best of luck with selling it.

Meanwhile, I will be on the look out for a decent 970 for around £100, or possibly hold out and see what the 1060 6GB is going for on Black Friday :)

Once again, good luck with your sale. I will be very interested to see if you do get more than £120 for it.

Cheers

Apache Struts vulnerability blamed for Equifax data breach

Speculation about the cause of the Equifax breach has been proven true as the company has confirmed that an unpatched critical Apache Struts vulnerability was used by attackers to steal data.

Late on Sept. 13, 2017, Equifax updated its breach information page to say its investigation into the incident revealed that the attackers exploited a web app vulnerability and identified that vulnerability as Apache Struts CVE-2017-5638.

This Apache Struts vulnerability was disclosed and patched in March 2017 and was given the highest critical rating on the CVSS, because it is a remote code execution flaw that was found being exploited in the wild at that time.

Equifax has not released any more details beyond what is on its breach page, but the company had previously said the intrusion into its systems began in mid-May, implying the Apache Struts vulnerability was left unpatched for at least two months.

Equifax has not responded to requests for comment at the time of this post.

Why patch management matters

Leigh-Anne Galloway, cyber security resilience officer at Positive Technologies, an enterprise security company based in Framingham, Mass., said it is fairly common to see companies failing at the basic things  like “proper patch management, secure software development, processes and procedures.”

“In this case, the vulnerability allowed attackers to execute arbitrary code on a server by manipulating the Content-Type HTTP header. Given how often flaws of this nature are discovered, it’s therefore not a huge surprise that an exploit of a vulnerability was the entry point for the Equifax breach,” Galloway told SearchSecurity. “The cause though was a failure on Equifax’s part to patch the issue when a fix became available. The Equifax breach is an example of where some simple measures like a web application firewall and patch management could have prevented a breach of unprecedented scale from occurring.”

Jeff Williams, co-founder and CTO at Contrast Security, an application security company based in Los Altos, Calif., called it “outrageous that companies haven’t deployed the technology they need to protect applications from vulnerabilities during development and from attacks in operations.” 

“This is not some crazy movie-plot attack scenario. Everyone knows that library vulnerabilities are disclosed many times a year,” Williams told SearchSecurity. “Companies that have been relying on legacy application security tools from the early 2000s to protect their enterprise have a very false sense of their security. Those tools are simply too slow, inaccurate, and manual intensive to provide protection for modern applications and modern threats.”

This is not some crazy movie-plot attack scenario. Everyone knows that library vulnerabilities are disclosed many times a year.
Jeff WilliamsCo-founder and CTO at Contrast Security

Jonathan Cran, vice president of product for Bugcrowd, said it is important to note that “every vulnerability is unique and depends on the nature of the flaw and the environment in which it exists.”

“In most cases, [the Apache Struts vulnerability] would have been discoverable via automated scans, given that the attack vector was an HTTP header. That said, there are certainly cases where automated scans wouldn’t have found it, such as when the Struts component of an application was behind authentication,” Cran told SearchSecurity. “Given the ease with which this vulnerability can be discovered, a public disclosure program would have very likely surfaced the issue to Equifax, and would do the same for other companies.

Michael Patterson, CEO of Plixer International Inc., a network traffic analysis company based in Kennebunk, Maine, said it was “completely understandable” that a single Apache Struts vulnerability like this could lead to such a large data breach.

“All it takes is a pin hole and you have a leak that causes major damage,” Patterson told SearchSecurity. “Sometimes code bases don’t easily migrate to a new version of Apache.  Patches can introduce bugs which take time to fix. The issues can be cascading.”