Print

Print


Hi everyone:

I was talking to some collegues at lunch, and a conversation about
virtualization came up. I had just read the SANS NewsBites, and found an
interesting story about the latest round of Microsoft patches. In the
editor's comments there was an interesting point about virtualization.
This article reads:

--Microsoft Fixes 14 Flaws on Patch Tuesday
15 August 2007
This month's patch Tuesday from Microsoft saw the biggest security
update since February of this year.  Tuesday's update saw 9 security
bulletins issued addressing 14 vulnerabilities.  Eight of the fixes were
rated as critical, the highest risk rating given by Microsoft for its
patches.  Four bulletins were released for Windows 2000, five for
Windows XP and two for Vista.  Other products affected included Internet
Explorer and Microsoft Excel.
http://www.computerworld.com/action/article.do?command=printArticleBasic
&articleId=9030696
http://www.smh.com.au/news/security/microsoft-issues-six-critical-ptches
/2007/08/15/1186857572390.html
http://www.vnunet.com/vnunet/news/2196636/microsoft-patches-critical
[Editor's Note (Skoudis): I'd like to draw your attention to MS07-049.
This patch for Virtual PC and Virtual Server fixes a heap overflow
vulnerability that, according to Microsoft, "Could allow a user with
administrator permissions to the guest operating system to run code on
the host operating system or other guest operating systems."  That's a
textbook definition of VM escape.  For years, many very bright folks
have told me that VM escape is impossible.  Folks, it is possible.  How
can you cope?  First, harden your guest machines.  Next, patch your VM
software just as diligently as you patch your OSs.  Then, on critical
VMs with sensitive data, disable any ease of use features, such as drag
and drop, file sharing, and cut and paste.  Finally, plan your VM
deployment carefully, assuming that VM escape is a possibility.  Put
strong guests with sensitive data on one underlying host, and weak
machines without sensitive data on another underlying host.  Don't mix
and match.]

I have heard many things that could put a damper on virtualization, but
the biggest could be "VM escape". Are there any opinions on campus as to
the implications of this revelation?

+-------------------------------------------+
|            Michael Surato                 |
|      College of Arts and Letters          |
|      Michigan State University            |
|            320 Linton Hall                |
|        East Lansing, MI 48824             |
| Voice: (517) 353-0778 Fax: (517) 355-0159 |
+-------------------------------------------+