Virtual PC flaw lets hackers bypass DEP, SafeSEH, ASLR

By ilev
in Smart Home, Network & Security

 Share

Recommended Posts

Experienced

ilev

Posted
Posted

An exploit writer at Core Security Technologies has discovered a serious vulnerability that exposes users of Microsoft?s Virtual PC virtualization software to malicious hacker attacks.

The vulnerability, which is unpatched, essentially allows an attacker to bypass several major security mitigations -- Data Execution Prevention (DEP), Safe Exception Handlers (SafeSEH) and Address Space Layout Randomization (ASLR) -- to exploit the Windows operating system.

As a result, some applications with bugs that are not exploitable when running in a not-virtualized operating system are rendered exploitable if running within a guest OS in Virtual PC, according to Ivan Arce, chief technology officer at Core.

http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug

  • -Vivicidal-
  • Like 1
Experienced

ilev

Posted
  • Author
Posted

Yes. Probably a few weeks. Yes.

Microsoft knows about it for 7 months now. It may take another 7 months to fix.

Meantime : don't use Virtual PC (like xp mode in Win7 ) "We recommend affected users to run all mission critical Windows applications on non-virtualized systems"

or, use a Linux VM

Grand Master

hdood

Posted
Posted

Microsoft knows about it for 7 months now. It may take another 7 months to fix.

Well then. I guess I meant to say 2014.

Meantime : don't use Virtual PC (like xp mode in Win7 ) "We recommend affected users to run all mission critical Windows applications on non-virtualized systems"

or, use a Linux VM

Good advice for everyone. Apart from the somewhat better integration with the host, VMWare Player and VirtualBox are much better than VPC. They're also free.

Mentor

itzwolf

Posted
Posted

Good advice for everyone. Apart from the somewhat better integration with the host, VMWare Player and VirtualBox are much better than VPC. They're also free.

I use VirtualBox and haven't had any issues with it. (Y)

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • NVIDIA AI Trained Itself on a 30B Model: Corrected Its Own Broken Metric Mid-Run

      By +TRS-80 · Posted

      Autonomous post-training loop placed 8th of 4,000 and then rewrote its own evaluation strategy. An autonomous AI system built by researchers at Amazon's A-EVO-Lab completed a full post-training run on a 30 billion parameter NVIDIA Nemotron model — with no human in the loop, across four rounds running over multiple weeks — and then did something its designers had not planned for: it detected that its own internal evaluation metric had become misleading and redesigned the search strategy it was using to improve itself. https://www.techtimes.com/articles/319123/20260626/nvidia-ai-trained-itself-30b-model-corrected-its-own-broken-metric-mid-run.htm
    • Elon Musk, The New King of Adult Content

      By +TRS-80 · Posted

      Grok Adult Content Tops 10 Billion Images Monthly More than half of all traffic flowing through Grok, Elon Musk's flagship AI product, now comes from users requesting pornographic images, explicit videos, and **** roleplay https://www.techtimes.com/articles/319142/20260626/grok-adult-content-tops-10-billion-images-monthly-xai-engineers-admit-csam-has-no-fix.htm
    • Ford execs say they made a mistake when they replaced human engineers with AI

      By naap51stang · Posted

      If Ford would stop hiring SUITS to run the company, and put CAR GUYS back in charge perhaps they could do better. Heck, the only CAR they produce today is the Mustang. Hey Ford! Not everyone needs/wants an overpriced SUV or pickup truck that is so tall you have to have a step ladder to get in and out of it.
    • SpaceX reportedly plans a Starlink mobile service for U.S. consumers

      By naap51stang · Posted

      Amazing how some will just jump all over something. Probably the same people that thought Musk was a "tech god" before he saddled up with "bad orange man". Before, they worshiped at his feet, including a lot of so called hollywood types. Now, because he fell off the plantation truck, they toss him under the bus.
    • The best controller for XBOX and PC is down to the lowest price

      By Jaybonaut · Posted

      How does the disc d-pad work for fighting games? Has anyone had personal experience with that specific question?

  • Recent Achievements

    • One Year In
      bernmeister earned a badge
      One Year In
    • Week One Done
      Scoobystu earned a badge
      Week One Done
    • Week One Done
      tuben earned a badge
      Week One Done
    • First Post
      OffsetAbs earned a badge
      First Post
    • Reacting Well
      OffsetAbs earned a badge
      Reacting Well

  • Popular Contributors

    1. 1
      +primortal
      482
    2. 2
      +Edouard
      222
    3. 3
      PsYcHoKiLLa
      158
    4. 4
      Steven P.
      75
    5. 5
      FloatingFatMan
      71
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!