For the first time since its official launch 18 months ago, Microsoft has issued a critical security patch for Hyper-V. The fix is available for all windows 2008 and 2008R2 installations.
The update resolves a vulnerability in Hyper-V that could allow a denial of services attack if a malformed sequence of instructions is run on a virtual guest running on the Hyper-V Server. However, the attacker must have valid logon credentials and be able to logon locally into the virtual machine.
The impact of the vulnerability is limited, in most scenarios, administrator access to the virtual hosts is limited to trusted administrators. In proper designed SBC cases the users have limited rights and cannot launch the malformed sequence of instructions. In some VDI scenarios it is possible that users have local administrator rights within their virtual machine and thus are capable to attack the underlying Hyper-V Server.
For more information about the vulnerability you can visit KB977894: VERY Important Hyper-V Security Update