VMware Cloud Community
tjolo
Contributor
Contributor

Risk of disabling VBS

Hi,

 

We are using VBS (Credential Guard and HVCI) on all our new servers, that are running on VMware.

Its a really cool feature, but we are limited by the fact, that we cant hot-add memory on our SQL servers.

Hot-add memory and CPU will not operate for Windows virtual machines when Virtualization Based Secur...

 

So im trying to figure out, how big the risk is, of disabling it from a handful of SQL Servers.

From my understanding, we would be vulnerable to:

1. Dumping the lsass process, and perform a NTLM attack

(Our SQL Servers are very limited to who can access them, and they are automatically logged out after 6 hours of inactivity - also SQL Management studio isnt installed on the SQL Server - so people never RDP to them)

 

2. Memory injections - Memory integrity enablement | Microsoft Learn

 

Im not saying that these things are not serious, but from my understanding, the attack surface is very small on the SQL Servers - since we have already taken several other security measures, to further limit potential exploits based on Microsofts best practice.

 

Any thoughts?

Reply
0 Kudos
0 Replies