MS Virtual PC Flaw Defeats Windows Defenses
Coop's Troops writes "An exploit writer at Core Security Technologies has discovered a serious vulnerability that exposes users of Microsoft's Virtual PC virtualization software to malicious hacker attacks. The vulnerability, which is unpatched, essentially allows an attacker to bypass several major security mitigations — DEP, SafeSEH and ASLR — to exploit the Windows operating system. As a result, some applications with bugs that are not exploitable when running in a not-virtualized operating system are rendered exploitable if running within a guest OS in Virtual PC."
Yes. I've always wondered why more people don't switch to a better OS.
Maybe people are so used to a buggy, bloated, vulnerable operating system that they assume other systems will be just as awful.
Circumcision is child abuse.
Ahh yes, come one, come all to Debian Island where all the computers are free and none of them work quite right.
by Mike Buddha -- Someday the mountain might get him, but the law never will.
Are you modding this guy troll because he's upset people insist on using this piece of sh* called Windholes?
Is that what /. has come to now?
Maybe malcontents should pack things and look for a Linux site to whine about M$, eh?
Because they don't want to use your busted POS OS? Because a bug that will effect far less than 1% of all Windows users isn't a cause to change OSes? Because you suck more dicks than a gay bathhouse full of Mac users?
I get my copy of Windows from MSDN through an account my company purchases. I don't pay anything and I get something better than a busted POS like Loonix.
They have more than enough resources to pour into security. Yet they don't... I refuse to cut them any slack, when open source projects which are powered by volunteers (I know not all are, but a significant number are) can produce (and do produce) results SIGNIFICANTLY faster than MS typically does... If a bunch of volunteers with VERY limited resources can do it, why can't a company with practically unlimited resources handle it?
It's pretty easy to patch software quickly when your testing and QA process barely extends past "does it compile".