Tuesday, May 30, 2017
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
New Ballistix Tactical Tracer DDR4 Gaming Memory Modules Get RGB Lighting
SK Hynix and Micron Try To Catch up With Samsung in 10nm DRAM Production
CORSAIR Unveils Concept Curve, Concept Slate, SYNC IT and Host of New Liquid Cooling Options at COMPUTEX
Computex 2017: Dell Debuts Inspiron AIOs and VR Gaming Desktop
Samsung Announces New Virtual Reality Partnerships with UFC, X-Games and Live Nation
Computex: Qualcomm Unveils Mesh Networking Platform and Reference Design
Computex: GeForce Partners Unveil Over 40 New Products based on NVIDIA's Max-Q Design
Computex: Western Digital to Deliver First Client Solid State Drives with 64-Layer 3D NAND Technology
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > General Computing > Vulnera...
Last 7 Days News : SU MO TU WE TH FR SA All News

Wednesday, March 17, 2010
Vulnerability Found in Microsoft's Virtual PC


Earlier today, Core Security Technologies issued a security advisory for Microsoft's Virtual PC (VPC) software.

The advisory calls out a proof of concept where the virtual machine monitor allows memory pages above the 2GB level to be read from or written to by user-space programs running within a guest operating system. The advisory explicitly calls into question the effectiveness of many of the security hardening features of Windows, including DEP, SafeSEH, and ASLR.

Microsoft says that this advisory does not affect the security of Windows 7 systems directly. The security safeguards (DEP, ASLR, SafeSEH, etc.) that are in place remain effective at helping protect users from malware on that system. In addition, Microsoft's Windows Server virtualization technology, Hyper-V, is also not affected by this advisory. Applications running inside a Hyper-V guest continue to benefit from these same security safeguards.

"The functionality that Core calls out is not an actual vulnerability per se. Instead, they are describing a way for an attacker to more easily exploit security vulnerabilities that must already be present on the system. The protection mechanisms that are present in the Windows kernel are rendered less effective inside of a virtual machine as opposed to a physical machine. There is no vulnerability introduced, just a loss of certain security protection mechanisms," Microsoft said.

"The functionality described only affects the guest operating system that is running within a Virtual PC environment. In practice, the guest operating system in a Virtual PC environment is typically Windows XP as part of Windows XP Mode. Of the safeguards Core calls out, it should be noted that only DEP is available in Windows XP SP3; Windows XP doesn't contain ASLR. The net result? An attacker can only exploit a vulnerable application running "inside" the guest virtual machine on Windows XP, rather than Windows 7," Microsoft added.


Previous
Next
New Crucial DDR3L 1.35v Server Memory Supports Latest Intel Platform        All News        Nexus One Works on iPhone's Wireless System
MIT Researchers Create Tiny Chips Without Lithography     General Computing News      Internet Explorer 9 Preview Available For Download

Get RSS feed Easy Print E-Mail this Message

Related News
Microsoft's Beam Streaming Service Becomes "Mixer"
BUILD 2017: Microsoft Announces New Tools and Services to Help Developers Build More Intelligent Apps
Microsoft's Nadella Hints On A Possible Surface Phone
Microsoft Cloud Strength Highlights Third Quarter Results
Microsoft Says U.S. Foreign Intelligence Surveillance Requests Doubled
Microsoft Announces Patent License Agreement with Toyota
Adobe, Microsoft To Offer Solutions That Share Sales Data
Microsoft and Steelcase Present Concepts For The Future Workplace
Microsoft's Outlook.com Premium Emal Service Now Available
Microsoft To Give A Face Lifting To Windows 10 With 'Project NEON'
Microsoft Edge Will Soon Get New Features
Cloud Services Boost Microsoft's Sales And Profit

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2017 - All rights reserved -
Privacy policy - Contact Us .