RealTime IT News

Core Security Identifies Virtual PC Hole

Windows 7 users don't have to leave Windows XP behind thanks to the Virtual PC feature available in some versions of the new operating system.

That can be a great help to users that need to run certain apps in XP mode, but according to a story in eSecurity Planet, a security firm has identified a bug it says makes using the virtualization software a risky proposition.

Security firm Core Security Technologies published a security advisory this week, including proof of concept code, that could let an attacker take control of applications running virtualized in Microsoft's Virtual PC technology which is included in some versions of Windows 7.

Microsoft (NASDAQ: MSFT) acknowledges that the hole is real but questions the severity of the problem.

According to Microsoft, while it may be possible to take over an application running inside a Windows virtual machine, the vulnerability as it stands now is not capable of letting an attacker break out into the host operating system.

Read the full story at Datamation:
Firm Warns of Hole in Windows Virtual PC