Earlier today, Core Security Technologies issued a security advisory for our Virtual PC (VPC) software. The advisory calls out a proof of concept where the virtual machine monitor allows memory pages above the 2GB level to be read from or written to by user-space programs running within a guest operating system. The advisory explicitly calls into question the effectiveness of many of the security hardening features of Windows, including DEP, SafeSEH, and ASLR. Folks are already starting to ask questions about this advisory, so I thought it would be best to answer them here.
First and foremost, customers should rest assured that this advisory does not affect the security of Windows 7 systems directly. The security safeguards (DEP, ASLR, SafeSEH, etc.) that are in place remain effective at helping protect users from malware on that system. In addition, our Windows Server virtualization technology, Hyper-V, is not affected by this advisory. Applications running inside a Hyper-V guest continue to benefit from these same security safeguards.
The functionality that Core calls out is not an actual vulnerability per se. Instead, they are describing a way for an attacker to more easily exploit security vulnerabilities that must already be present on the system. It's a subtle point, but one that folks should really understand. The protection mechanisms that are present in the Windows kernel are rendered less effective inside of a virtual machine as opposed to a physical machine. There is no vulnerability introduced, just a loss of certain security protection mechanisms.
The functionality described only affects the guest operating system that is running within a Virtual PC environment. In practice, the guest operating system in a Virtual PC environment is typically Windows XP as part of Windows XP Mode. Of the safeguards Core calls out, it should be noted that only DEP is available in Windows XP SP3; Windows XP doesn't contain ASLR. The net result? An attacker can only exploit a vulnerable application running "inside" the guest virtual machine on Windows XP, rather than Windows 7!
We believe that Windows XP Mode and Windows Virtual PC are great bridging strategies to help customers who have legacy applications get up and running on Windows 7. Customers who need Windows XP Mode should look to install only the required subset of applications that need Windows XP in order to function properly, while planning to move those applications to Windows 7 in the future.
One final point: whether the version of Windows you are running is virtualized or running physically on a computer, it's equally important to follow sound security practices. You should make sure your firewall is enabled, that you have anti-virus software installed, and that you keep your software up to date through automatic updates. For more information on how to protect your PC, visit http://www.microsoft.com/protect/.
Dear Paul,
I'm curious... Would this issue be a problem if the WinXP Pro in Windows XP Mode was using Software Restriction Policy or Windows SteadyState with a strict security policy?
i.e.: Always using Limited User and using the mentioned restriction policy mechanisms to prevent executables (other than files in "Windows" and "Program Files" directories) from running.
As a regular reader of Windows TeamBlog, I should make it.
OK, I'm on my girlfriend's computer and I'm looking up something sensual to provide her with on her birthday. I accidentally go to a website that the security portion of her computer tracks, the content I think it's called. We have Vista if that means anything. Does the content it tracks go away over time or is she just gonna see it no matter what and kill me later? What steps should I take to make sure she doesn't see it? She monitors this account from some parent account that I don't know the code to and can't seem to change any settings of. Someone pleeeeeaaaassse help.