Microsoft Hyper-V 2008 earns the Common Criteria EAL4+ certification

microsoft logo

Last week reported that both VMware VI 3.5 and vSphere 4.0 are being tested by a Common Criteria lab to earn the EAL4+ rating.

VMware already has the EAL4+ certification for VI 3.0.2 but ESX is not they only hypervisor that was rated that high.

Microsoft in fact just announced that Hyper-V 2008 (the first release and not the just launched R2)  achieved the EAL4+ certification as well.

It is worth to note that Microsoft earned that certification for the release candidate version of Hyper-V that is embedded in the full version of Windows Server 2008, plus the KB950050 hotfix, which upgrades the hypervisor to 1.0 RTM.

Microsoft didn’t even need to certify Hyper-V using editions that have a reduced attack surface, like the version that is embedded in Windows Server 2008 Server Core or the stand-alone Hyper-V Server 2008.

This should clarify how the typical argument that Hyper-V is less secure than ESX, because the former comes with a full copy of Windows while the latter has a very small footprint, doesn’t work at all. Unless we accept to dispute the absolute value of the Common Criteria rating, as suggested several times.