Slashdot Mirror

← Back to Stories (view on slashdot.org)

MS Virtual PC Flaw Defeats Windows Defenses

Posted by kdawson on from the around-the-maginot-line dept.

Coop's Troops writes "An exploit writer at Core Security Technologies has discovered a serious vulnerability that exposes users of Microsoft's Virtual PC virtualization software to malicious hacker attacks. The vulnerability, which is unpatched, essentially allows an attacker to bypass several major security mitigations — DEP, SafeSEH and ASLR — to exploit the Windows operating system. As a result, some applications with bugs that are not exploitable when running in a not-virtualized operating system are rendered exploitable if running within a guest OS in Virtual PC."

13 of 141 comments (clear)

  1. Which only goes to show, it's always something by koko · · Score: 1, Insightful

    If you want security, unplug the 'net. You ain't gonna get it any other way.

  2. This gets me every time by Ben4jammin · · Score: 4, Insightful

    Arce said Core reported the flaw to Microsoft last August... Microsoft officials declined to comment until they had a chance to review Core’s advisory on the issue

    So how many months do you need to review once you are told about it???

    1. Re:This gets me every time by Anonymous Coward · · Score: 2, Insightful

      The moment they put out a patch that breaks anything, or makes things worse the uproar will be greater. Its also amazing how it will work find in say, the spanish version, but not on the chinese versions. So many things and so many different products.

    2. Re:This gets me every time by obarthelemy · · Score: 5, Insightful

      Let's play devil's advocate:

      MS has quite a lot of competing agendas:
      - keep backwards compatibility, v1. That means a bunch a old APIs, services, apps... Not only was security not much of a concern back when those were written, but any change in the environment risks unveiling new vulns. These pooor guys are actually supposed to maintain IE 6, IE7, and IE 8.
      - keep backwards compatibility, v2. MS can't really change the security model or the way they expose it without, again, breaking apps. Since NT, Windows's security model is not bad. But MS can't really implement it fully (no apps changing system-wide ressources, no writing outside of a handful of approved dirs...) without, again, breaking apps.
      - add features
      - maintain an incredibly wide array of software. MS = Oracle + Linux+ php + Apache + OOo + Firefox + ...

      So yes, I really hate the pain that managing MS systems is. I, and they, know they could make things better by breaking a lot of apps. They choose not to... prolly because their customers want them not to. I can understand that.

      --
      The Cloud - because you don't care if your apps and data are up in the air.
    3. Re:This gets me every time by ircmaxell · · Score: 2, Insightful

      Don't forget, you're talking about a monolith of a company. They have more than enough resources to pour into security. Yet they don't... I refuse to cut them any slack, when open source projects which are powered by volunteers (I know not all are, but a significant number are) can produce (and do produce) results SIGNIFICANTLY faster than MS typically does... If a bunch of volunteers with VERY limited resources can do it, why can't a company with practically unlimited resources handle it?

      --
      If a man isn't willing to take some risk for his opinions, either his opinions are no good or he's no good
    4. Re:This gets me every time by Mr2001 · · Score: 2, Insightful

      then with windows vista why didn't MSFT include an XP mode, than ran in it's own self contained section while using the higher security of a modern OS?

      Windows 7 Professional/Ultimate includes exactly that. But it's implemented using Virtual PC, which is where this flaw was discovered.

      --
      Visual IRC: Fast. Powerful. Free.
  3. Re:Linux by customizedmischief · · Score: 5, Insightful

    Every time I read an article like this, it gives me a smug face wondering why more people don't switch.

    Swtch to what, VMware or Parallels?

    --
    Oops.
  4. Re:Linux by snowraver1 · · Score: 5, Insightful

    Answer: Because their apps run on windows. That's all there is to it.

    --
    Copyright 2010. All rights reserved. This comment may not be copied in any way including, but not limited to caching.
  5. How many people even use VirtualPC/XP mode anyway? by jim_v2000 · · Score: 5, Insightful

    I mean, talk about small targets. I highly doubt that any hacker would find it worth his time to attempt to exploit this. I mean, first you have to find someone running XP mode. Then you have to get them to open an executable (or exploit some other vulnerability to get onto the system) on the guest OS instead of the host OS. Then the person still has to have more than 2 gigs of RAM and be utilizing more than 2 gigs at once. Then, after all that, you only have access to the XP VM, which may or may not have anything of worth on it.

    I'm not surprised that MS shrugged it off for now.

    --
    Don't take life so seriously. No one makes it out alive.
  6. Re:Ugh, this isn't good. by X0563511 · · Score: 4, Insightful

    If someone is using VirtualPC for a honeypot, they are an idiot.

    The idea of a honeypot is that it is indistinguishable from "the real thing."

    That this flaw even exists means it is identifiable as a virtual machine.

    --
    For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
  7. Re:Linux by Mr2001 · · Score: 2, Insightful

    It's a matter of priorities. Do I want to a) fight Windows security and have the apps I want, b) ignore security and have the apps I want, or c) have security, but have to learn some other app, or maybe do without that app.

    The whole point of having a computer is to run the programs you want to run. If you're going to have to "do without", you might as well unplug the damn thing (thereby achieving perfect security).

    --
    Visual IRC: Fast. Powerful. Free.
  8. Re:Ugh, this isn't good. by Mr2001 · · Score: 3, Insightful

    A lot of people considered that to be all sorts of bullshit because Intel uses their VT feature to differentiate product lines; I.E., moderately priced business desktops don't support XP mode.

    Moral: if you're looking for something modestly priced, go with AMD processors. Not only are they cheaper, but nearly all the ones you can find today support virtualization.

    --
    Visual IRC: Fast. Powerful. Free.
  9. Re:Linux by RMS+Eats+Toejam · · Score: 1, Insightful

    Slashdot: Where the truth is flammable.

    --
    Turning to a Linux advocate for thoughts on Microsoft is like asking Hitler how he felt about the Jews.