7 Month Vulnerability in Windows Virtual PC

Core Security Technologies (CST) has discovered a critical vulnerability in Windows Virtual PC that allows an attacker to bypass security measures and run malicious code on the guest machine. The affected platforms are Virtual PC 2007, Virtual PC 2007 SP1, Windows Virtual PC, Virtual Server 2005 and Virtual Server 2005 R2 SP1.

The flaw lies at the memory management level (Virtual Machine Monitor). By leveraging this vulnerability it is possible to bypass security mechanisms of the operating system such as Data Execution Prevention (DEP), Safe Structured Exception Handling (SafeSEH) and Address Space Layout Randomization (ASLR), which are designed to prevent exploitation of security bugs in applications running on Windows operating systems.

Microsoft was notified about this gap 7 months ago, but it has refused to fix it until the release of the next service pack, which led CST to issue the security advisory publicly.

Today Microsoft answered in a blog post that this advisory does not affect the security of Windows 7 systems directly. The security safeguards (DEP, ASLR, SafeSEH, etc.) that are in place remain effective at helping protect users from malware on that system. In addition, Windows Server virtualization technology, Hyper-V, is also not affected by this advisory. Applications running inside a Hyper-V guest continue to benefit from these same security safeguards.

You can read Microsoft's complete post here.
