Slashdot Mirror

← Back to Stories (view on slashdot.org)

MS Virtual PC Flaw Defeats Windows Defenses

Posted by kdawson on from the around-the-maginot-line dept.

Coop's Troops writes "An exploit writer at Core Security Technologies has discovered a serious vulnerability that exposes users of Microsoft's Virtual PC virtualization software to malicious hacker attacks. The vulnerability, which is unpatched, essentially allows an attacker to bypass several major security mitigations — DEP, SafeSEH and ASLR — to exploit the Windows operating system. As a result, some applications with bugs that are not exploitable when running in a not-virtualized operating system are rendered exploitable if running within a guest OS in Virtual PC."

2 of 141 comments (clear)

  1. Re:Linux by Mike+Buddha · · Score: 0, Troll

    Ahh yes, come one, come all to Debian Island where all the computers are free and none of them work quite right.

    --
    by Mike Buddha -- Someday the mountain might get him, but the law never will.
  2. Re:This gets me every time by drsmithy · · Score: 0, Troll

    They have more than enough resources to pour into security. Yet they don't... I refuse to cut them any slack, when open source projects which are powered by volunteers (I know not all are, but a significant number are) can produce (and do produce) results SIGNIFICANTLY faster than MS typically does... If a bunch of volunteers with VERY limited resources can do it, why can't a company with practically unlimited resources handle it?

    It's pretty easy to patch software quickly when your testing and QA process barely extends past "does it compile".