Wednesday, May 25, 2016
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Huawei Sues Samsung Over Mobile Patents
Toyota Is Investing In Uber
Google Enhances Ads For Mobile Devices
LG G5 "Friends" LG CAM Plus, LG 360 CAM, LG 360 VR, LG TONE Devices Launch In US
Twitter Photos, videos And Names in Reply Tweets Will No Longer Count Toward 140-character Limit
Samsung Expands 750 EVO SSD With Availability and Increases Capacity to 500GB
Google's Paris Offices Raided
OCZ RD400 NVMe SSD Series Released
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > General Computing > Vulnera...
Last 7 Days News : SU MO TU WE TH FR SA All News

Wednesday, March 17, 2010
Vulnerability Found in Microsoft's Virtual PC


Earlier today, Core Security Technologies issued a security advisory for Microsoft's Virtual PC (VPC) software.

The advisory calls out a proof of concept where the virtual machine monitor allows memory pages above the 2GB level to be read from or written to by user-space programs running within a guest operating system. The advisory explicitly calls into question the effectiveness of many of the security hardening features of Windows, including DEP, SafeSEH, and ASLR.

Microsoft says that this advisory does not affect the security of Windows 7 systems directly. The security safeguards (DEP, ASLR, SafeSEH, etc.) that are in place remain effective at helping protect users from malware on that system. In addition, Microsoft's Windows Server virtualization technology, Hyper-V, is also not affected by this advisory. Applications running inside a Hyper-V guest continue to benefit from these same security safeguards.

"The functionality that Core calls out is not an actual vulnerability per se. Instead, they are describing a way for an attacker to more easily exploit security vulnerabilities that must already be present on the system. The protection mechanisms that are present in the Windows kernel are rendered less effective inside of a virtual machine as opposed to a physical machine. There is no vulnerability introduced, just a loss of certain security protection mechanisms," Microsoft said.

"The functionality described only affects the guest operating system that is running within a Virtual PC environment. In practice, the guest operating system in a Virtual PC environment is typically Windows XP as part of Windows XP Mode. Of the safeguards Core calls out, it should be noted that only DEP is available in Windows XP SP3; Windows XP doesn't contain ASLR. The net result? An attacker can only exploit a vulnerable application running "inside" the guest virtual machine on Windows XP, rather than Windows 7," Microsoft added.


Previous
Next
New Crucial DDR3L 1.35v Server Memory Supports Latest Intel Platform        All News        Nexus One Works on iPhone's Wireless System
MIT Researchers Create Tiny Chips Without Lithography     General Computing News      Internet Explorer 9 Preview Available For Download

Get RSS feed Easy Print E-Mail this Message

Related News
Microsoft To Accelerate Delivery of Affordable Internet Access
Microsoft Is Selling Its Feature Phone Business to Foxconn, Nokia Mobiles Return
Microsoft Positions Windows 10 As A Platform for the Intelligence Revolution
Microsoft, Google Drop Complaints Against Each Other
Microsoft Reports Profit But Windows Business Keeps Declining
Microsoft Sues U.S. Government Over Data Requests
Microsoft's Edge Browser To Limit Flash Support
Toyota, Microsoft To Work Together On Connected Technologies
Build 2016: Microsoft Announces Cloud Services, Developer Tools
Microsoft's BUILD 2016 Conference Kicks Off
Microsoft Apologizes for Offensive Tweets Made By Its 'Tay' Chatbot
Microsoft Supports Yahoo Bidders

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2016 - All rights reserved -
Privacy policy - Contact Us .