Zero Day Vulnerability Uncovered in Microsoft's Virtualization Software
A new zero day vulnerability has been uncovered in Microsoft's virtualization software - like XP Mode, which allows Windows 7 users for example to run legacy applications on the latest iteration of the Windows operating system as if they were running on Windows XP. The vulnerability has been uncovered by Core Security Technologies, company that specializes in providing commercial-grade penetration testing software solutions.
According to Core Security Technologies, the vulnerability allows bugs that are not exploitable in a non-virtualized environment to become exploitable when running in a virtualized environment. So if you ran application X as you would normally do, a bug cannot be exploited by someone with malicious intent/ But if you were to run the same application X in XP Mode in Windows 7, a person with malicious intent could exploit that bug.
“A vulnerability found in the memory management of the Virtual Machine Monitor makes memory pages mapped above the 2GB available with read or read/write access to user-space programs running in a Guest operating system. By leveraging this vulnerability it is possible to bypass security mechanisms of the operating system such as Data Execution Prevention (DEP), Safe Structured Error Handling (SafeSEH) and Address Space Layout Randomization (ASLR) designed to prevent exploitation of security bugs in applications running on Windows operation systems,” explained Core Security Technologies in the security advisory they released (see here).
Redmond-based software giant Microsoft announced that it is aware of this recently uncovered vulnerability. Through the voice of Director of Windows 7 Client Enterprise Security, Paul Cooke, Microsoft reassured users that the vulnerability in question “does not affect the security of Windows 7” and that “Windows Server virtualization technology, Hyper-V, is also not affected.”
“The functionality that Core calls out is not an actual vulnerability per se. Instead, they are describing a way for an attacker to more easily exploit security vulnerabilities that must already be present on the system. It's a subtle point, but one that folks should really understand. The protection mechanisms that are present in the Windows kernel are rendered less effective inside of a virtual machine as opposed to a physical machine. There is no vulnerability introduced, just a loss of certain security protection mechanisms,” explained Paul Cooke.
Cooke went on to say that no matter what Windows version you’re currently using, be it a regular one or a virtualized version, you should always make sure your system is safe and protected. In this regard you should have a firewall turned on, you should have an up-to-date antivirus installed, and you should make sure to apply the latest patches and updates for the software running on top of the operating system.
Tags: Microsoft, Virtualization software, Windows Virtual PC, Microsoft Virtual PC 2007
According to Core Security Technologies, the vulnerability allows bugs that are not exploitable in a non-virtualized environment to become exploitable when running in a virtualized environment. So if you ran application X as you would normally do, a bug cannot be exploited by someone with malicious intent/ But if you were to run the same application X in XP Mode in Windows 7, a person with malicious intent could exploit that bug.
Advertising
“A vulnerability found in the memory management of the Virtual Machine Monitor makes memory pages mapped above the 2GB available with read or read/write access to user-space programs running in a Guest operating system. By leveraging this vulnerability it is possible to bypass security mechanisms of the operating system such as Data Execution Prevention (DEP), Safe Structured Error Handling (SafeSEH) and Address Space Layout Randomization (ASLR) designed to prevent exploitation of security bugs in applications running on Windows operation systems,” explained Core Security Technologies in the security advisory they released (see here).
Redmond-based software giant Microsoft announced that it is aware of this recently uncovered vulnerability. Through the voice of Director of Windows 7 Client Enterprise Security, Paul Cooke, Microsoft reassured users that the vulnerability in question “does not affect the security of Windows 7” and that “Windows Server virtualization technology, Hyper-V, is also not affected.”
“The functionality that Core calls out is not an actual vulnerability per se. Instead, they are describing a way for an attacker to more easily exploit security vulnerabilities that must already be present on the system. It's a subtle point, but one that folks should really understand. The protection mechanisms that are present in the Windows kernel are rendered less effective inside of a virtual machine as opposed to a physical machine. There is no vulnerability introduced, just a loss of certain security protection mechanisms,” explained Paul Cooke.
Cooke went on to say that no matter what Windows version you’re currently using, be it a regular one or a virtualized version, you should always make sure your system is safe and protected. In this regard you should have a firewall turned on, you should have an up-to-date antivirus installed, and you should make sure to apply the latest patches and updates for the software running on top of the operating system.
Tags: Microsoft, Virtualization software, Windows Virtual PC, Microsoft Virtual PC 2007
I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 10 Feb 2012
With the release of Wolfram|Alpha Pro, the team behind the popular computational knowledge engine took a very big step forward
By George Norman on 10 Feb 2012
Microsoft has just announced that this February, as part of the Patch Tuesday program, it will roll out a grand total of 9 security bulletins to all customers all over the world.Related News
By George Norman on 23 Dec 2011
Redmond-based software giant Microsoft has said goodbye to its keynote presentation and booth at the Consumer Electronics Show (CES), the technology trade show held each January in the Las Vegas Convention Center. 
By George Norman on 02 Dec 2011
With 2011 quickly drawing to an end, the team behind Microsoft’s Bing search engine made public a list of the most popular searches on Bing in 2011. The list includes the most searched people, the most searched news stories, the most searched sports stars
By George Norman on 21 Sep 2011
One million students from low-income families in the US will have access to software, hardware, and discounted broadband internet service courtesy of Redmond-based software giant Microsoft. 
By George Norman on 27 Oct 2011
It is true that the mouse is one of the most used peripheral and it is just as true that if you want to get things done and get them done fast, using keyboard shortcuts is a lot more efficient than clicking.Advertising
Hot Software Updates
Top Downloads
2.
Opera5.
Trillian8.
AIM9.
Skype10.
Ad-Aware12.
Nero13.
Google Earth14.
Picasa15.
Winamp16.
iTunes17.
RealPlayer18.
uTorrent19.
eMule20.
WinRAR21.
BitComet22.
WinZip23.
Shareaza24.
CCleaner25.
Recuva26.
Tweak UI27.
CuteFTP Home29.
Adobe Reader30.
NewsPiperBecome A Fan!
Link To Us!
Zero Day Vulnerability Uncovered in Microsoft's Virtualization Software
HTML Linking Code
HTML Linking Code