Slashdot Mirror

← Back to Stories (view on slashdot.org)

MS Virtual PC Flaw Defeats Windows Defenses

Posted by kdawson on from the around-the-maginot-line dept.

Coop's Troops writes "An exploit writer at Core Security Technologies has discovered a serious vulnerability that exposes users of Microsoft's Virtual PC virtualization software to malicious hacker attacks. The vulnerability, which is unpatched, essentially allows an attacker to bypass several major security mitigations — DEP, SafeSEH and ASLR — to exploit the Windows operating system. As a result, some applications with bugs that are not exploitable when running in a not-virtualized operating system are rendered exploitable if running within a guest OS in Virtual PC."

7 of 141 comments (clear)

  1. Ugh, this isn't good. by mlts · · Score: 4, Informative

    The good news is that this doesn't affect the big iron (Hyper-V). However, for people who have Windows 7 and XP mode, using it for Web browsing, this will cause them a world of hurt.

    Since this essentially doesn't affect servers, I'm going to recommend to people that they move to VMWare Workstation if they want commercial support, or VirtualBox if they desire an open source solution. Either one of these has as many features as VirtualPC (although VirtualPC has one nice advantage -- it drops changes to the undo disk fast compared to the 2-3 minutes VMWare does.)

    A hole in a hypervisor is a really bad thing. A lot of people use VMs for honeypots, and this would cause unintended infections, or other damage, perhaps catastrophic.

    1. Re:Ugh, this isn't good. by Anonymous Coward · · Score: 4, Informative

      The hole is not in the hypervisor. The GUEST OS is the one that is compromised, not the OS running the VM.

    2. Re:Ugh, this isn't good. by cbhacking · · Score: 5, Informative

      Honeypots are designed to get hit. This bug doesn't make the host system vulnerable, it just means that the client OS is easier to exploit.

      If it worked on Hyper-V, this would be a big problem; that's a server-level technology where even the clients are expected to remain secure. On the other hand, Virtual PC isn't even a hypervisor; it requires a full OS onderneath it, running itself as just another Windows app. Up until 2007 didn't even require hardware support for virtualization.

      --
      There's no place I could be, since I've found Serenity...
  2. Still can't exploit the host OS by cbhacking · · Score: 5, Informative

    This is definitley a bug, but all it does is allow bypassing of security features in the virtualized system. In other words, you can exploit the VM client, but you still can't get at the host.

    It's worth of a patch, but not of a panic. If you're virtualizing for security, you don't really care what happens to the virtual system (that's the point). If you're virtualizing so you can run an old OS, it's going to be full of holes anyhow. If you're virtualizing for any other reason, why the hell are you using consumer-grade virtualization software?

    --
    There's no place I could be, since I've found Serenity...
  3. Re:Linux by Hamsterdan · · Score: 5, Informative

    Virtualbox.

    --
    I've got better things to do tonight than die.
  4. Credits by aurelianito · · Score: 5, Informative
    From TFA:

    An exploit writer at Core Security Technologies has discovered a serious vulnerability that exposes users of Microsoft's Virtual PC virtualization software to malicious hacker attacks.

    I would like to add that the exploit writer at Core Security Technologies that discovered this vulnerability is Nicolás Economou and congratulate him on the great work he has made.

    Disclaimer: I also work at Core

  5. Priorities, priorities - oh, wait! Policy: by symbolset · · Score: 4, Informative

    When we face a choice between adding features and resolving security issues, we need to choose security.

    - Bill Gates, January 16, 2002 .

    --
    Help stamp out iliturcy.