MS Virtual PC Flaw Defeats Windows Defenses

← Back to Stories (view on slashdot.org)

MS Virtual PC Flaw Defeats Windows Defenses

Posted by kdawson on Tuesday March 16, 2010 @11:01AM from the around-the-maginot-line dept.

Coop's Troops writes "An exploit writer at Core Security Technologies has discovered a serious vulnerability that exposes users of Microsoft's Virtual PC virtualization software to malicious hacker attacks. The vulnerability, which is unpatched, essentially allows an attacker to bypass several major security mitigations — DEP, SafeSEH and ASLR — to exploit the Windows operating system. As a result, some applications with bugs that are not exploitable when running in a not-virtualized operating system are rendered exploitable if running within a guest OS in Virtual PC."

4 of 141 comments (clear)

Min score:

Reason:

Sort:

Re:Linux by customizedmischief · 2010-03-16 11:17 · Score: 5, Insightful

Every time I read an article like this, it gives me a smug face wondering why more people don't switch.

Swtch to what, VMware or Parallels?

--
Oops.
Re:Linux by snowraver1 · 2010-03-16 11:21 · Score: 5, Insightful

Answer: Because their apps run on windows. That's all there is to it.

--
Copyright 2010. All rights reserved. This comment may not be copied in any way including, but not limited to caching.
How many people even use VirtualPC/XP mode anyway? by jim_v2000 · 2010-03-16 12:10 · Score: 5, Insightful

I mean, talk about small targets. I highly doubt that any hacker would find it worth his time to attempt to exploit this. I mean, first you have to find someone running XP mode. Then you have to get them to open an executable (or exploit some other vulnerability to get onto the system) on the guest OS instead of the host OS. Then the person still has to have more than 2 gigs of RAM and be utilizing more than 2 gigs at once. Then, after all that, you only have access to the XP VM, which may or may not have anything of worth on it.

I'm not surprised that MS shrugged it off for now.

--
Don't take life so seriously. No one makes it out alive.
Re:This gets me every time by obarthelemy · 2010-03-16 12:28 · Score: 5, Insightful

Let's play devil's advocate:
MS has quite a lot of competing agendas:
- keep backwards compatibility, v1. That means a bunch a old APIs, services, apps... Not only was security not much of a concern back when those were written, but any change in the environment risks unveiling new vulns. These pooor guys are actually supposed to maintain IE 6, IE7, and IE 8.
- keep backwards compatibility, v2. MS can't really change the security model or the way they expose it without, again, breaking apps. Since NT, Windows's security model is not bad. But MS can't really implement it fully (no apps changing system-wide ressources, no writing outside of a handful of approved dirs...) without, again, breaking apps.
- add features
- maintain an incredibly wide array of software. MS = Oracle + Linux+ php + Apache + OOo + Firefox + ...
So yes, I really hate the pain that managing MS systems is. I, and they, know they could make things better by breaking a lot of apps. They choose not to... prolly because their customers want them not to. I can understand that.

--
The Cloud - because you don't care if your apps and data are up in the air.