Virtual PC hole could lead to attacks, security firm says

An unpatched weakness in Microsoft’s Virtual PC could leave organizations using the virtualization software vulnerable to attack, CNET reports. An exploit writer at Core Security Technologies discovered the vulnerability in Virtual PC hypervisor and reported it to Microsoft in August 2009, Core Security said in an advisory. Microsoft said it plans to solve the problem in future updates to the vulnerable products: Microsoft Virtual PC 2007, Windows Virtual PC, and Virtual Server 2005. Microsoft Hyper-V technology is not affected by the problem, Core Security said. Virtual PC hypervisor is part of the Windows Virtual PC package, which allows customers to run multiple Windows environments on a single computer. The hypervisor is a key component of Windows 7 XP Mode, a feature designed to ease the migration to Windows 7 for customers who need to run Windows XP on the native operating system. Core Security recommends that affected users run all mission-critical Windows applications on the native hardware or use virtualization technologies that aren’t affected by the bug…

Click here for the full story

…Read More