Hyper-V Administrators
The Hyper-V Administrators group grants full control over Hyper-V virtual machines without requiring administrative privileges. Members can create, modify, and execute VMs, which can be abused for privilege escalation by booting custom OS images or accessing disk files of privileged VMs. Attackers can use it to extract credentials, modify system configurations, or escape to the host system. If misconfigured, it can lead to full host compromise from a low-privileged user.