Mon, Feb 25 2008 13:48
Critical VMware bug lets attackers zap 'real' Windows
A critical vulnerability in VMware Inc.'s
virtualization software for Windows lets attackers escape the "guest"
operating system and modify or add files to the underlying "host"
operating system, the company has acknowledged.
As of Sunday,
there was no patch available for the flaw, which affects VMware's
Windows client virtualization programs, including Workstation, Player
and ACE. The company's virtual machine software for Windows servers and
for Mac- and Linux-based hosts are not at risk.
The bug was
reported by Core Security Technologies, makers of the
penetration-testing framework CORE IMPACT, said VMware in a security
last Friday. "Exploitation of this vulnerability allows attackers to
break out of an isolated guest system to compromise the underlying host
system that controls it," claimed Core Security.
Full Story at computerworld.com
Filed under: Alerts