Virtual PC hole could lead to attacks

Not open for further replies.


Fully Optimized
-Trinidad- and Tobago, Caribbean.
Virtual PC hole could lead to attacks, security firm says

"An unpatched weakness in Microsoft's Virtual PC could leave companies using the virtualization software vulnerable to attack, Core Security Technologies said on Tuesday.

An exploit writer at Core Security discovered the vulnerability in Virtual PC hypervisor and reported it to Microsoft in August 2009, Core Security said in an advisory.

Microsoft indicated that it plans to solve the problem in future updates to the vulnerable products: Microsoft Virtual PC 2007, Windows Virtual PC, and Virtual Server 2005, the advisory says. Microsoft Hyper-V technology is not affected by the problem, Core Security said.

Basically, the hole could allow an attacker to bypass Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), and other security mitigation features to compromise virtualized Windows systems. Thus certain vulnerabilities that were not exploitable may become exploitable in the virtualized system, said Ivan Arce, chief technology officer at Core Security.

Microsoft goes into more details in a post on the Windows Blog."
Not open for further replies.
Top Bottom