Hi everyone: I was talking to some collegues at lunch, and a conversation about virtualization came up. I had just read the SANS NewsBites, and found an interesting story about the latest round of Microsoft patches. In the editor's comments there was an interesting point about virtualization. This article reads: --Microsoft Fixes 14 Flaws on Patch Tuesday 15 August 2007 This month's patch Tuesday from Microsoft saw the biggest security update since February of this year. Tuesday's update saw 9 security bulletins issued addressing 14 vulnerabilities. Eight of the fixes were rated as critical, the highest risk rating given by Microsoft for its patches. Four bulletins were released for Windows 2000, five for Windows XP and two for Vista. Other products affected included Internet Explorer and Microsoft Excel. http://www.computerworld.com/action/article.do?command=printArticleBasic &articleId=9030696 http://www.smh.com.au/news/security/microsoft-issues-six-critical-ptches /2007/08/15/1186857572390.html http://www.vnunet.com/vnunet/news/2196636/microsoft-patches-critical [Editor's Note (Skoudis): I'd like to draw your attention to MS07-049. This patch for Virtual PC and Virtual Server fixes a heap overflow vulnerability that, according to Microsoft, "Could allow a user with administrator permissions to the guest operating system to run code on the host operating system or other guest operating systems." That's a textbook definition of VM escape. For years, many very bright folks have told me that VM escape is impossible. Folks, it is possible. How can you cope? First, harden your guest machines. Next, patch your VM software just as diligently as you patch your OSs. Then, on critical VMs with sensitive data, disable any ease of use features, such as drag and drop, file sharing, and cut and paste. Finally, plan your VM deployment carefully, assuming that VM escape is a possibility. Put strong guests with sensitive data on one underlying host, and weak machines without sensitive data on another underlying host. Don't mix and match.] I have heard many things that could put a damper on virtualization, but the biggest could be "VM escape". Are there any opinions on campus as to the implications of this revelation? +-------------------------------------------+ | Michael Surato | | College of Arts and Letters | | Michigan State University | | 320 Linton Hall | | East Lansing, MI 48824 | | Voice: (517) 353-0778 Fax: (517) 355-0159 | +-------------------------------------------+