Wednesday, July 23, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Sony Invests in Image Sensor Production
Ultra-High-Definition TVs Still Lack Market Penetration
Lumia 530 Entry-level Windows Phone Released
ASUS Launches the RT-AC87 Dual-Band Wireless-AC2400 Gigabit Router
LG Introduces Games For Quickcircle Case
UHDTVs Boost LG Display Profit
Microsoft's Profit Hurt By Nokia Acquisition
Apple's Revenue Boosted By China Growth
Active Discussions
help questions structure DVDR
Made video, won't play back easily
Questions durability monitor LCD
Questions fungus CD/DVD Media, Some expert engineer in optical media can help me?
CD, DVD and Blu-ray burning for Android in development
IBM supercharges Power servers with graphics chips
Werner Vogels: four cloud computing trends for 2014
Video editing software.
 Home > News > General Computing > Vulnera...
Last 7 Days News : SU MO TU WE TH FR SA All News

Wednesday, March 17, 2010
Vulnerability Found in Microsoft's Virtual PC


Earlier today, Core Security Technologies issued a security advisory for Microsoft's Virtual PC (VPC) software.

The advisory calls out a proof of concept where the virtual machine monitor allows memory pages above the 2GB level to be read from or written to by user-space programs running within a guest operating system. The advisory explicitly calls into question the effectiveness of many of the security hardening features of Windows, including DEP, SafeSEH, and ASLR.

Microsoft says that this advisory does not affect the security of Windows 7 systems directly. The security safeguards (DEP, ASLR, SafeSEH, etc.) that are in place remain effective at helping protect users from malware on that system. In addition, Microsoft's Windows Server virtualization technology, Hyper-V, is also not affected by this advisory. Applications running inside a Hyper-V guest continue to benefit from these same security safeguards.

"The functionality that Core calls out is not an actual vulnerability per se. Instead, they are describing a way for an attacker to more easily exploit security vulnerabilities that must already be present on the system. The protection mechanisms that are present in the Windows kernel are rendered less effective inside of a virtual machine as opposed to a physical machine. There is no vulnerability introduced, just a loss of certain security protection mechanisms," Microsoft said.

"The functionality described only affects the guest operating system that is running within a Virtual PC environment. In practice, the guest operating system in a Virtual PC environment is typically Windows XP as part of Windows XP Mode. Of the safeguards Core calls out, it should be noted that only DEP is available in Windows XP SP3; Windows XP doesn't contain ASLR. The net result? An attacker can only exploit a vulnerable application running "inside" the guest virtual machine on Windows XP, rather than Windows 7," Microsoft added.


Previous
Next
New Crucial DDR3L 1.35v Server Memory Supports Latest Intel Platform        All News        Nexus One Works on iPhone's Wireless System
MIT Researchers Create Tiny Chips Without Lithography     General Computing News      Internet Explorer 9 Preview Available For Download

Get RSS feed Easy Print E-Mail this Message

Related News
Microsoft's Profit Hurt By Nokia Acquisition
Microsoft Is Shutting Down Xbox Entertainment Studios
Microsoft To Eliminate 18,000 Jobs
Microsoft To Take EU 'Right to be forgotten' Requests
Microsoft To Announce Job Cuts
Microsoft To Take On Chromebooks with $200 Windows Notebooks
Microsoft's Nadella To Announce Company Sharkeup
Microsoft Patches IE In Latest Security Updates
Microsoft's Smartwatch Rumored For October Launch
Microsoft May Use The Lumia Brand Instead Of Surface: rumor
Microsoft Suspends Security Notification Service
Microsoft Unveils Azure Machine Learning Service

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .