Microsoft's Virtual PC could leave companies using the software vulnerable to attack. An exploit writer at Core Security discovered the vulnerability in Virtual PC, and reported it to Microsoft in august 2009.
The vulnerability applies on all well known versions of Virtual PC. Basically, the hole could allow an hacker to bypass DEP (Data Execution Prevention), ASLR (Address Space Layout Randomization).
Microsoft said that it is a "way for an attacker to more easily exploit security vulnerabilities already present on the system."
Cyberwarzone suggest run most important software on native systems, or use other virtualization software.
Tags:
