
Critical VMware bug lets attackers zap 'real' Windows

Steven Parker on 26 February 2008 - 11:45

A critical vulnerability in VMware's virtualization software for Windows lets attackers escape the "guest" operating system and modify or add files to the underlying "host" operating system, the company has acknowledged. As of Sunday, there was no patch available for the flaw, which affects VMware's Windows client virtualization programs, including Workstation, Player, and ACE. The company's virtual machine software for Windows servers and for Mac- and Linux-based hosts is not at risk.

VMware said in a security alert issued last Friday that the bug was reported by Core Security Technologies, makers of the penetration-testing framework CORE IMPACT. "Exploitation of this vulnerability allows attackers to break out of an isolated guest system to compromise the underlying host system that controls it," claimed Core Security.

According to VMware, the bug is in the shared-folder feature of its Windows client-based virtualization software. Shared folders let users access certain files -- typically documents and other application-generated files -- from the host operating system and any virtual machine on that physical system.

"On Windows hosts, if you have configured a VMware host-to-guest shared folder, it is possible for a program running in the guest to gain access to the host's complete file system and create or modify executable files in sensitive locations," confirmed VMware.

VMware has not posted a fix; instead, it told users to disable shared folders.
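
One way to check a host for the configuration the advisory describes, as an added example that is not from the article or from VMware: a Python audit that reads a virtual machine's .vmx configuration file and reports shared folders that are still switched on. The `sharedFolderN.*` key names are the ones VMware client products write to .vmx files and are not stated in the article; the sample configuration is constructed.

```python
import re
import sys

# Constructed sample .vmx content (not from a real machine).
SAMPLE_VMX = r'''
displayName = "test-guest"
sharedFolder.maxNum = "2"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.writeAccess = "TRUE"
sharedFolder0.hostPath = "C:\Users\demo\Documents"
sharedFolder0.guestName = "docs"
sharedFolder1.present = "TRUE"
sharedFolder1.enabled = "FALSE"
sharedFolder1.hostPath = "D:\scratch"
'''

LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')   # key = "value"
SHARE_KEY = re.compile(r'^sharedfolder(\d+)\.(\w+)$')    # per-share settings

def parse_vmx(text):
    """Return {key: value} for each key = "value" line, keys lower-cased."""
    matches = (LINE.match(line) for line in text.splitlines())
    return {m.group(1).lower(): m.group(2) for m in matches if m}

def enabled_shares(text):
    """List shared folders that are present and not explicitly disabled."""
    shares = {}
    for key, value in parse_vmx(text).items():
        m = SHARE_KEY.match(key)
        if m:
            shares.setdefault(int(m.group(1)), {})[m.group(2)] = value.upper()
    findings = []
    for idx in sorted(shares):
        s = shares[idx]
        # Assumption: a share with no explicit enabled = "FALSE" is reported,
        # so a missing key errs on the side of a finding.
        if s.get("present") == "TRUE" and s.get("enabled") != "FALSE":
            raw = parse_vmx(text)
            findings.append({"index": idx,
                             "guest_name": raw.get(f"sharedfolder{idx}.guestname"),
                             "host_path": raw.get(f"sharedfolder{idx}.hostpath"),
                             "writable": s.get("writeaccess") == "TRUE"})
    return findings

if __name__ == "__main__":
    # Usage: python audit_vmx.py path\to\guest.vmx [more.vmx ...]
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for f in enabled_shares(fh.read()):
                print(f"{path}: share {f['index']} -> {f['host_path']} "
                      f"(writable={f['writable']})")
```

Any finding means the guest still has a host-to-guest shared folder configured, which is the condition VMware's advisory tells users to remove.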

View: Full Article @ InfoWorld
Link: VMware Security alert

Comments
#1 YaZoR on 26 Feb 2008 - 13:09
I never have this enabled, as I always suspected there was some way to exploit exactly this.
#2 GEIST on 26 Feb 2008 - 15:57
Good job, Captain Obvious. Who would have thought you could touch the host through the guest via a shared folder between both?
#3 Statikk on 26 Feb 2008 - 16:55
I think the problem is that they can "create or modify executable files in sensitive locations" not just in locations shared as shared folders.
#4 ajua on 27 Feb 2008 - 00:42
beware of virtual malware! lol
