Tuesday, July 29, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
BlackBerry Strengthens Its Mobile Security Portfolio With The Acquisition of Secusmart
IBM, ACS And AT&T Claim Breakthrough In Elastic Cloud-to Cloud Networking
HP Says Internet of Things Devices Are Vulnerable to Attack
China Starts Anti-monopoly Investigation On Microsoft
Apple's MacBook Pros Now Come With Faster processors And More Memory
Rhapsody Now Has 2 million Subscribers
LG Starts Selling Its 105-Inch Curved UHDTV
Motorola Said To Make Google's Next Phablet
Active Discussions
help questions structure DVDR
Made video, won't play back easily
Questions durability monitor LCD
Questions fungus CD/DVD Media, Some expert engineer in optical media can help me?
CD, DVD and Blu-ray burning for Android in development
IBM supercharges Power servers with graphics chips
Werner Vogels: four cloud computing trends for 2014
Video editing software.
 Home > News > General Computing > Vulnera...
Last 7 Days News : SU MO TU WE TH FR SA All News

Wednesday, March 17, 2010
Vulnerability Found in Microsoft's Virtual PC


Earlier today, Core Security Technologies issued a security advisory for Microsoft's Virtual PC (VPC) software.

The advisory calls out a proof of concept where the virtual machine monitor allows memory pages above the 2GB level to be read from or written to by user-space programs running within a guest operating system. The advisory explicitly calls into question the effectiveness of many of the security hardening features of Windows, including DEP, SafeSEH, and ASLR.

Microsoft says that this advisory does not affect the security of Windows 7 systems directly. The security safeguards (DEP, ASLR, SafeSEH, etc.) that are in place remain effective at helping protect users from malware on that system. In addition, Microsoft's Windows Server virtualization technology, Hyper-V, is also not affected by this advisory. Applications running inside a Hyper-V guest continue to benefit from these same security safeguards.

"The functionality that Core calls out is not an actual vulnerability per se. Instead, they are describing a way for an attacker to more easily exploit security vulnerabilities that must already be present on the system. The protection mechanisms that are present in the Windows kernel are rendered less effective inside of a virtual machine as opposed to a physical machine. There is no vulnerability introduced, just a loss of certain security protection mechanisms," Microsoft said.

"The functionality described only affects the guest operating system that is running within a Virtual PC environment. In practice, the guest operating system in a Virtual PC environment is typically Windows XP as part of Windows XP Mode. Of the safeguards Core calls out, it should be noted that only DEP is available in Windows XP SP3; Windows XP doesn't contain ASLR. The net result? An attacker can only exploit a vulnerable application running "inside" the guest virtual machine on Windows XP, rather than Windows 7," Microsoft added.


Previous
Next
New Crucial DDR3L 1.35v Server Memory Supports Latest Intel Platform        All News        Nexus One Works on iPhone's Wireless System
MIT Researchers Create Tiny Chips Without Lithography     General Computing News      Internet Explorer 9 Preview Available For Download

Get RSS feed Easy Print E-Mail this Message

Related News
China Starts Anti-monopoly Investigation On Microsoft
Microsoft's Profit Hurt By Nokia Acquisition, Plans Unified OS
Microsoft Is Shutting Down Xbox Entertainment Studios
Microsoft To Eliminate 18,000 Jobs
Microsoft To Take EU 'Right to be forgotten' Requests
Microsoft To Announce Job Cuts
Microsoft To Take On Chromebooks with $200 Windows Notebooks
Microsoft's Nadella To Announce Company Sharkeup
Microsoft Patches IE In Latest Security Updates
Microsoft's Smartwatch Rumored For October Launch
Microsoft May Use The Lumia Brand Instead Of Surface: rumor
Microsoft Suspends Security Notification Service

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .