Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

2/25/2008
11:01 AM
George V. Hulme
George V. Hulme
Commentary
50%
50%

Virtualization: Just Another Layer Of Software To Patch?

Researchers at Core Security have issued an advisory warning users of a significant security flaw in a number of VMware desktop apps that could allow attackers to gain complete access to the underlying operating system.

Researchers at Core Security have issued an advisory warning users of a significant security flaw in a number of VMware desktop apps that could allow attackers to gain complete access to the underlying operating system."What's most relevant about this vulnerability is it demonstrates how virtual environments can provide an open door to the underlying infrastructures that host them," said Iván Arce, CTO at Core Security Technologies, in a statement.

The vulnerability affects VMware Workstation, Player, and ACE software. It is only exploitable when Shared Folders are enabled -- which is a default setting -- and at least one folder on the Host system is configured for sharing.

For enterprise users, this flaw doesn't affect VMWare's level 1 virtualization platforms, such as ESX. But on Thursday, the virtualization software maker did release a handful of vulnerabilities that do affect ESX. These flaws enable you to gain access to data and bypass security controls.

One of the first software applications I installed when I bought a MacBook Pro last summer was Parallels. After the initial amazement of running my Windows apps on my Mac wore off, I uninstalled it. I had quickly realized the level of complexity -- and risk -- I was bringing to my primary OS X operating system.

I'm much happier with Boot Camp. It runs at native speed. It doesn't hang. And I can harden it down and not worry, should it become comprised, that my primary OS also is at risk.

As for the current VMware flaw, Core Security recommends the following remedial actions:

  • Disable Shared Folders for all virtual machines that use the feature.

  • If the Shared Folders feature is required, configure it for read-only access.

  • If the Shared Folders feature is required, implement appropriate file system monitoring and access control mechanisms on the Host operating system.

  • Upgrade your VMware software to a nonvulnerable version.
  • (Don't you always just appreciate it when vendors suggest you UPGRADE your way out of a vulnerability?)

    Comment  | 
    Print  | 
    More Insights
    Comments
    Newest First  |  Oldest First  |  Threaded View
    Commentary
    Ransomware Is Not the Problem
    Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
    Edge-DRsplash-11-edge-ask-the-experts
    How Can I Test the Security of My Home-Office Employees' Routers?
    John Bock, Senior Research Scientist,  6/7/2021
    News
    New Ransomware Group Claiming Connection to REvil Gang Surfaces
    Jai Vijayan, Contributing Writer,  6/10/2021
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    The State of Cybersecurity Incident Response
    In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
    Flash Poll
    How Enterprises are Developing Secure Applications
    How Enterprises are Developing Secure Applications
    Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2010-3446
    PUBLISHED: 2021-06-22
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
    CVE-2021-0536
    PUBLISHED: 2021-06-22
    In dropFile of WiFiInstaller, there is a way to delete files accessible to CertInstaller due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Andr...
    CVE-2021-0537
    PUBLISHED: 2021-06-22
    In onCreate of WiFiInstaller.java, there is a possible way to install a malicious Hotspot 2.0 configuration due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions...
    CVE-2021-0538
    PUBLISHED: 2021-06-22
    In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible exit of emergency callback mode due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: A...
    CVE-2021-0539
    PUBLISHED: 2021-06-22
    In archiveStoredConversation of MmsService.java, there is a possible way to archive message conversation without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploit...