Vulnerability in Microsoft Virtual PC exploits the unexploitable

You might want to post both sides of the argument:

Core Security Technologies is describing a way for an attacker to more easily exploit security vulnerabilities already present on the system, rather than an actual vulnerability. It does this by rendering a number of protection mechanisms that are present in the Windows kernel less effective inside a virtual machine as opposed to a physical Windows machine. An attacker would need to abuse an already present vulnerability in order to leverage this technique.
In the scenario Core describes, the functionality is limited to within the virtualized environment – in other words, an attacker could only exploit a vulnerability in an application running “inside” the guest virtual machine on Windows XP rather than Windows 7 in the case of Windows XP Mode. Specifically, an attacker could not take over a whole host machine running multiple virtual machines. The safeguards within Windows 7 on the desktop OS (DEP, ASLR, and SafeSEH etc.) remain in place.
In addition, an actual vulnerability must already be present in an application running in the guest machine in order for an attacker to take advantage of this. The difference is that on a regular Windows system, that bug may not be exploitable, whereas in the Virtual PC guest machine, it potentially could be.
Microsoft continues to recommend using Windows XP Mode and Windows Virtual PC as a bridging strategy to Windows 7 if they are concerned about compatibility for some of their legacy applications, so that customers can realize the full security benefits Windows 7 offers.

Personally I don't see the problem?


M/.
 
Article said:
It causes memory pages mapped above the 2GB level to be accessed with read or read/write privileges by user-space programs running in a Guest operating system.

I imagine not many people give their VMs more than 2GB. For most people they only have that much RAM in total.

MS Statement said:
Core Security Technologies is describing a way for an attacker to more easily exploit security vulnerabilities already present on the system, rather than an actual vulnerability. It does this by rendering a number of protection mechanisms that are present in the Windows kernel less effective inside a virtual machine as opposed to a physical Windows machine. An attacker would need to abuse an already present vulnerability in order to leverage this technique.
In the scenario Core describes, the functionality is limited to within the virtualized environment – in other words, an attacker could only exploit a vulnerability in an application running “inside” the guest virtual machine on Windows XP rather than Windows 7 in the case of Windows XP Mode. Specifically, an attacker could not take over a whole host machine running multiple virtual machines. The safeguards within Windows 7 on the desktop OS (DEP, ASLR, and SafeSEH etc.) remain in place.
In addition, an actual vulnerability must already be present in an application running in the guest machine in order for an attacker to take advantage of this. The difference is that on a regular Windows system, that bug may not be exploitable, whereas in the Virtual PC guest machine, it potentially could be.
Microsoft continues to recommend using Windows XP Mode and Windows Virtual PC as a bridging strategy to Windows 7 if they are concerned about compatibility for some of their legacy applications, so that customers can realize the full security benefits Windows 7 offers.

So assuming a vulnerability in some software already exists AND you give the VM more than 2GB of RAM then you might have a problem that only affects the guest OS? Ohhh noooo!

The whole point of Virtual Machines in many cases is to shield the host OS from something bad happening. Prudent VM users will have regular backups or snapshots and will keep their guest OS as secure and up to date as their host. You can avoid the whole thing by using 2GB or less RAM for your VM. Simples.

Take XP Mode, what could it possibly need 2GB of RAM for?
 
I imagine not many people give their VMs more than 2GB. For most people they only have that much RAM in total.

Exactly. If I'm performing a task in a VM (for convenience) that is resource intensive enough to benefit from more than 2GB of RAM, I'll go to the trouble of doing it natively. It's almost always quicker, and is always easier.
 