Network Security Consulting Vulnerabilities Article
Microsoft Virtual PC and Virtual Server Privilege Escalation Vulnerability
http://www.symantec.com/business/security_response/vulnerability.jsp?bid=35601Risk
Medium Date Discovered
7/14/2009 12:00:00 AM Description
Microsoft Virtual PC and Virtual Server are prone to a privilege-escalation vulnerability caused by an error in privileged instruction decoding.Successful exploits may allow local attackers to elevate privileges within a guest operating system. Technologies Affected
Microsoft Virtual PC 2007 x64 EditionSP1
Microsoft Virtual PC 2007 x64 Edition
Microsoft Virtual PC 2007SP1
Microsoft Virtual PC 2007
Microsoft Virtual PC 2004SP1
Microsoft Virtual PC 2004
Microsoft Virtual Server 2005 Standard EditionR2
Microsoft Virtual Server 2005 Standard Edition
Microsoft Virtual Server 2005 R2 SP1 x64 Edition
Microsoft Virtual Server 2005 R2 SP1
Microsoft Virtual Server 2005 Enterprise EditionR2
Microsoft Virtual Server 2005 Enterprise Edition Recommendations
Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Allow only trusted individuals to have local accounts and physical access to vulnerable computers and resources.
The vendor has released an advisory and updates. Please see the references for details. References
Source: Microsoft Security Bulletin MS09-033
URL: http://www.microsoft.com/technet/security/Bulletin/MS09-033.mspx
Source: Virtual PC Homepage
URL: http://www.microsoft.com/windows/virtual-pc/default.aspx
Source: Virtual Server Homepage
URL: http://www.microsoft.com/windowsserversystem/virtualserver/ Credits
Julien Tinnes and Tavis Ormandy of Google Inc
|
