Bug Security Windows

MS Virtual PC Flaw Defeats Windows Defenses

Posted by kdawson
from the around-the-maginot-line dept.
Coop's Troops writes "An exploit writer at Core Security Technologies has discovered a serious vulnerability that exposes users of Microsoft's Virtual PC virtualization software to malicious hacker attacks. The vulnerability, which is unpatched, essentially allows an attacker to bypass several major security mitigations — DEP, SafeSEH and ASLR — to exploit the Windows operating system. As a result, some applications with bugs that are not exploitable when running in a not-virtualized operating system are rendered exploitable if running within a guest OS in Virtual PC."
This discussion has been archived. No new comments can be posted.

  • by koko (66015) on Tuesday March 16, 2010 @06:05PM (#31502748)

    If you want security, unplug the 'net. You ain't gonna get it any other way.

  • by Ben4jammin (1233084) on Tuesday March 16, 2010 @06:11PM (#31502824)
    Arce said Core reported the flaw to Microsoft last August... Microsoft officials declined to comment until they had a chance to review Core’s advisory on the issue

    So how many months do you need to review once you are told about it???
  • Re:Linux (Score:5, Insightful)

    by customizedmischief (692916) on Tuesday March 16, 2010 @06:17PM (#31502882)

    Every time I read an article like this, it gives me a smug face wondering why more people don't switch.

    Switch to what, VMware or Parallels?

  • Re:Linux (Score:5, Insightful)

    by snowraver1 (1052510) on Tuesday March 16, 2010 @06:21PM (#31502924)
    Answer: Because their apps run on Windows. That's all there is to it.
  • by Anonymous Coward on Tuesday March 16, 2010 @06:29PM (#31502986)

    The moment they put out a patch that breaks anything, or makes things worse, the uproar will be greater. It's also amazing how it will work fine in, say, the Spanish version, but not on the Chinese versions. So many things and so many different products.

  • by jim_v2000 (818799) on Tuesday March 16, 2010 @07:10PM (#31503322)
    I mean, talk about small targets. I highly doubt that any hacker would find it worth his time to attempt to exploit this. I mean, first you have to find someone running XP mode. Then you have to get them to open an executable (or exploit some other vulnerability to get onto the system) on the guest OS instead of the host OS. Then the person still has to have more than 2 gigs of RAM and be utilizing more than 2 gigs at once. Then, after all that, you only have access to the XP VM, which may or may not have anything of worth on it.

    I'm not surprised that MS shrugged it off for now.
  • by obarthelemy (160321) on Tuesday March 16, 2010 @07:28PM (#31503462)

    Let's play devil's advocate:

    MS has quite a lot of competing agendas:
    - keep backwards compatibility, v1. That means a bunch of old APIs, services, apps... Not only was security not much of a concern back when those were written, but any change in the environment risks unveiling new vulns. These poor guys are actually supposed to maintain IE 6, IE 7, and IE 8.
    - keep backwards compatibility, v2. MS can't really change the security model or the way they expose it without, again, breaking apps. Since NT, Windows's security model is not bad. But MS can't really implement it fully (no apps changing system-wide resources, no writing outside of a handful of approved dirs...) without, again, breaking apps.
    - add features
    - maintain an incredibly wide array of software. MS = Oracle + Linux + php + Apache + OOo + Firefox + ...

    So yes, I really hate the pain that managing MS systems is. I, and they, know they could make things better by breaking a lot of apps. They choose not to... prolly because their customers want them not to. I can understand that.

  • by X0563511 (793323) on Tuesday March 16, 2010 @08:45PM (#31503918) Homepage Journal

    If someone is using VirtualPC for a honeypot, they are an idiot.

    The idea of a honeypot is that it is indistinguishable from "the real thing."

    That this flaw even exists means it is identifiable as a virtual machine.

  • by ircmaxell (1117387) on Tuesday March 16, 2010 @09:34PM (#31504268) Homepage
    Don't forget, you're talking about a monolith of a company. They have more than enough resources to pour into security. Yet they don't... I refuse to cut them any slack, when open source projects which are powered by volunteers (I know not all are, but a significant number are) can produce (and do produce) results SIGNIFICANTLY faster than MS typically does... If a bunch of volunteers with VERY limited resources can do it, why can't a company with practically unlimited resources handle it?
  • Re:Linux (Score:3, Insightful)

    by Mr2001 (90979) on Tuesday March 16, 2010 @10:53PM (#31504724) Homepage Journal

    It's a matter of priorities. Do I want to a) fight Windows security and have the apps I want, b) ignore security and have the apps I want, or c) have security, but have to learn some other app, or maybe do without that app.

    The whole point of having a computer is to run the programs you want to run. If you're going to have to "do without", you might as well unplug the damn thing (thereby achieving perfect security).

  • by Mr2001 (90979) on Tuesday March 16, 2010 @10:57PM (#31504750) Homepage Journal

    then with Windows Vista why didn't MSFT include an XP mode, that ran in its own self contained section while using the higher security of a modern OS?

    Windows 7 Professional/Ultimate includes exactly that. But it's implemented using Virtual PC, which is where this flaw was discovered.

  • by Mr2001 (90979) on Tuesday March 16, 2010 @11:04PM (#31504790) Homepage Journal

    A lot of people considered that to be all sorts of bullshit because Intel uses their VT feature to differentiate product lines; I.E., moderately priced business desktops don't support XP mode.

    Moral: if you're looking for something modestly priced, go with AMD processors. Not only are they cheaper, but nearly all the ones you can find today support virtualization.

  • Re:Linux (Score:1, Insightful)

    by RMS Eats Toejam (1693864) on Tuesday March 16, 2010 @11:05PM (#31504800)
    Slashdot: Where the truth is flammable.
