Zero Day Vulnerability Uncovered in Microsoft's Virtualization Software
Article by George Norman
On 17 Mar 2010
A new zero day vulnerability has been uncovered in Microsoft's virtualization software - like XP Mode, which allows Windows 7 users for example to run legacy applications on the latest iteration of the Windows operating system as if they were running on Windows XP. The vulnerability has been uncovered by Core Security Technologies, company that specializes in providing commercial-grade penetration testing software solutions.

According to Core Security Technologies, the vulnerability allows bugs that are not exploitable in a non-virtualized environment to become exploitable when running in a virtualized environment. So if you ran application X as you would normally do, a bug cannot be exploited by someone with malicious intent/ But if you were to run the same application X in XP Mode in Windows 7, a person with malicious intent could exploit that bug.


“A vulnerability found in the memory management of the Virtual Machine Monitor makes memory pages mapped above the 2GB available with read or read/write access to user-space programs running in a Guest operating system. By leveraging this vulnerability it is possible to bypass security mechanisms of the operating system such as Data Execution Prevention (DEP), Safe Structured Error Handling (SafeSEH) and Address Space Layout Randomization (ASLR) designed to prevent exploitation of security bugs in applications running on Windows operation systems,” explained Core Security Technologies in the security advisory they released (see here).

Redmond-based software giant Microsoft announced that it is aware of this recently uncovered vulnerability. Through the voice of Director of Windows 7 Client Enterprise Security, Paul Cooke, Microsoft reassured users that the vulnerability in question “does not affect the security of Windows 7” and that “Windows Server virtualization technology, Hyper-V, is also not affected.”

“The functionality that Core calls out is not an actual vulnerability per se. Instead, they are describing a way for an attacker to more easily exploit security vulnerabilities that must already be present on the system. It's a subtle point, but one that folks should really understand. The protection mechanisms that are present in the Windows kernel are rendered less effective inside of a virtual machine as opposed to a physical machine. There is no vulnerability introduced, just a loss of certain security protection mechanisms,” explained Paul Cooke.

Cooke went on to say that no matter what Windows version you’re currently using, be it a regular one or a virtualized version, you should always make sure your system is safe and protected. In this regard you should have a firewall turned on, you should have an up-to-date antivirus installed, and you should make sure to apply the latest patches and updates for the software running on top of the operating system.

Tags: Microsoft, Virtualization software, Windows Virtual PC, Microsoft Virtual PC 2007
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Zero Day Vulnerability Uncovered in Microsoft's Virtualization Software
HTML Linking Code