| « Priveon Training Schedule Updated | Interesting Data Leakage Statistics and Visibility » |
Microsoft Virtual PC Creates Vulnerabilities
03/16/10
Microsoft Virtual PC Creates Vulnerabilities
A Core Security researcher has announced a vulnerability in Microsoft PC Virtualization that in effect, can expose a vulnerability in applications where one did not exist in un-virtualized systems. The problem is, if you run an application in a Microsoft Virtual PC Environment (which includes: MS Virtual PC 2007, Virtual PC 2007 SP1, Virtual PC and Server 2005, as well as Windows 7 in XP Mode!), a vulnerable application may be exploitable becasue SafeSEH (Safe Exception Handlers), ASLR (Address Space Layout Randomization), and DEP (Data Execution Prevention) can be bypassed hen run in the virtualized environment.
Microsoft has opted to NOT ISSUE A PATCH for this vulnerability. Just as a side note: Core Security notified MS about this on 8-19-09 according to the security advisory from Core Security.
The Core Security Advisory is here. (as well as PoC code)
XML Feeds©2010 by Priveon, Inc.