Last week virtualization.info reported that both VMware VI 3.5 and vSphere 4.0 are being tested by a Common Criteria lab to earn the EAL4+ rating.
VMware already has the EAL4+ certification for VI 3.0.2 but ESX is not they only hypervisor that was rated that high.
It is worth to note that Microsoft earned that certification for the release candidate version of Hyper-V that is embedded in the full version of Windows Server 2008, plus the KB950050 hotfix, which upgrades the hypervisor to 1.0 RTM.
Microsoft didn’t even need to certify Hyper-V using editions that have a reduced attack surface, like the version that is embedded in Windows Server 2008 Server Core or the stand-alone Hyper-V Server 2008.
This should clarify how the typical argument that Hyper-V is less secure than ESX, because the former comes with a full copy of Windows while the latter has a very small footprint, doesn’t work at all. Unless we accept to dispute the absolute value of the Common Criteria rating, as virtualization.info suggested several times.