Virtual Windows is a security hole

INSECURITY EXPERTS at Core Security Technologies have disclosed that Microsoft's Virtual PC virtualisation software has a serious security vulnerability.

By exploiting the flaw an attacker can bypass several major security screens to compromise the Windows operating system. Some software with bugs that are not exploitable when running in an instance of the Windows operating system running on a real PC are rendered exploitable if running within a guest OS in Virtual PC.

Discovered by Core exploit writer Nicolas Economou, the flaw exists in the memory management of the Virtual Machine Monitor. It causes memory pages mapped above the 2GB level to be accessed with read or read/write privileges by user-space programs running in a guest operating system.

Core lists the software with the bug as including Microsoft Virtual PC 2007, Virtual PC 2007 SP1, Virtual PC and Microsoft Virtual Server 2005. Windows 7's XP Mode feature is also affected by the vulnerability.

In a press release, Core said it reported the flaw more than seven months ago, but after back-and-forth discussions Microsoft decided not to issue a security bulletin about it.

Microsoft said that Core Security Technologies was describing a way for an attacker to more easily exploit security vulnerabilities already present on the system, rather than an actual vulnerability. It does this by rendering a number of protection mechanisms that are present in the Windows kernel less effective inside a virtual machine as opposed to a physical Windows machine. An attacker would need to abuse an already present vulnerability in order to use this technique.

There's more here. µ