Zero Day Vulnerability Uncovered in Microsoft's Virtualization Software

Article by George Norman (Cybersecurity Editor)

on 17 Mar 2010

A new zero day vulnerability has been uncovered in Microsoft's virtualization software - like XP Mode, which allows Windows 7 users for example to run legacy applications on the latest iteration of the Windows operating system as if they were running on Windows XP. The vulnerability has been uncovered by Core Security Technologies, company that specializes in providing commercial-grade penetration testing software solutions.

According to Core Security Technologies, the vulnerability allows bugs that are not exploitable in a non-virtualized environment to become exploitable when running in a virtualized environment. So if you ran application X as you would normally do, a bug cannot be exploited by someone with malicious intent/ But if you were to run the same application X in XP Mode in Windows 7, a person with malicious intent could exploit that bug.

“A vulnerability found in the memory management of the Virtual Machine Monitor makes memory pages mapped above the 2GB available with read or read/write access to user-space programs running in a Guest operating system. By leveraging this vulnerability it is possible to bypass security mechanisms of the operating system such as Data Execution Prevention (DEP), Safe Structured Error Handling (SafeSEH) and Address Space Layout Randomization (ASLR) designed to prevent exploitation of security bugs in applications running on Windows operation systems,” explained Core Security Technologies in the security advisory they released (see here).

Redmond-based software giant Microsoft announced that it is aware of this recently uncovered vulnerability. Through the voice of Director of Windows 7 Client Enterprise Security, Paul Cooke, Microsoft reassured users that the vulnerability in question “does not affect the security of Windows 7” and that “Windows Server virtualization technology, Hyper-V, is also not affected.”

“The functionality that Core calls out is not an actual vulnerability per se. Instead, they are describing a way for an attacker to more easily exploit security vulnerabilities that must already be present on the system. It's a subtle point, but one that folks should really understand. The protection mechanisms that are present in the Windows kernel are rendered less effective inside of a virtual machine as opposed to a physical machine. There is no vulnerability introduced, just a loss of certain security protection mechanisms,” explained Paul Cooke.

Cooke went on to say that no matter what Windows version you’re currently using, be it a regular one or a virtualized version, you should always make sure your system is safe and protected. In this regard you should have a firewall turned on, you should have an up-to-date antivirus installed, and you should make sure to apply the latest patches and updates for the software running on top of the operating system.


Latest News


Sony's 'Attack of the Blockbusters Sale' Slashes Prices in Half for a Ton of PS4 Games

17 Aug 2017

How Samsung's New T5 Compares to the Old T3 Portable SSD (Infographic)

17 Aug 2017

See all