Microsoft has published an advisory describing CVE-2025-48813, a Virtual Secure Mode (VSM) spoofing vulnerability that arises when a VSM key is accepted past its expiration date—allowing an authorized local attacker to spoof identities or services inside the VSM isolation boundary. The issue is...
In this video I spent some time with David Hepkin, a member of the Windows engineering team working on Hyper-V, to get a better understanding of the Windows 10 Virtual Secure Mode. I've had the good fortune of learning a lot about Isolated User Mode with several folks in the kernel team. In this...