
Major Flaw in VMware Workstation/Player/ACE. Allows an Attacker to "Jump" from a Guest to Host.

This one's particularly scary, folks. VMware announced late last week a new vulnerability in their client-based virtualization software -- Workstation, Player, and ACE -- that would allow an attacker to bridge or "jump" from a guest O/S through to the host O/S. This vulnerability specifically would allow the attacker to add or modify files on the host.

According to VMware, there is currently no fix for the problem, which occurs in the shared folders feature. It appears that disabling this feature will eliminate the attack vector.

The vulnerability does not appear in ESX or Server, as neither of these products has the shared folders feature.

More info at: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034
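Since the only mitigation mentioned above is disabling shared folders, a host-side audit of VM configuration files shows which guests still have the feature switched on. The following is an added example, not code from VMware or from the original post; the `.vmx` key names it looks for (`sharedFolderN.*`, `isolation.tools.hgfs.disable`) are assumptions about the configuration file layout, and the sample configuration is constructed.

```python
import re
from pathlib import Path

# Key names below are assumptions about the .vmx layout, not taken from the page.
LINE = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"(.*)"\s*$')
SHARE = re.compile(r'^sharedfolder(\d+)\.(present|enabled|hostpath|writeaccess)$')
HGFS_OFF = "isolation.tools.hgfs.disable"

def parse_vmx(text):
    """Return {lowercased key: value} for every key = "value" line."""
    return {m.group(1).lower(): m.group(2)
            for m in map(LINE.match, text.splitlines()) if m}

def is_true(value):
    return value.strip().upper() == "TRUE"

def enabled_shares(settings):
    """List (index, host_path, writable) for each share that is switched on."""
    if is_true(settings.get(HGFS_OFF, "FALSE")):
        return []  # shared folders disabled for the whole VM
    shares = {}
    for key, value in settings.items():
        m = SHARE.match(key)
        if m:
            shares.setdefault(int(m.group(1)), {})[m.group(2)] = value
    return [(i, s.get("hostpath", ""), is_true(s.get("writeaccess", "FALSE")))
            for i, s in sorted(shares.items())
            if is_true(s.get("present", "FALSE")) and is_true(s.get("enabled", "FALSE"))]

def audit(root):
    """Map each .vmx file under root to its enabled shares; clean VMs are omitted."""
    report = {}
    for vmx in Path(root).rglob("*.vmx"):
        hits = enabled_shares(parse_vmx(vmx.read_text(errors="replace")))
        if hits:
            report[str(vmx)] = hits
    return report

# Constructed sample configuration, not from a real VM.
SAMPLE = """\
displayName = "test-guest"
sharedFolder.maxNum = "2"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.writeAccess = "TRUE"
sharedFolder0.hostPath = "C:\\Users\\lab\\share"
sharedFolder1.present = "TRUE"
sharedFolder1.enabled = "FALSE"
sharedFolder1.hostPath = "D:\\iso"
"""

if __name__ == "__main__":
    print(enabled_shares(parse_vmx(SAMPLE)))
```

Point `audit()` at the directory that holds your virtual machines; any VM it reports still has a shared folder enabled and should have the feature disabled until a fix is available.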


Greg Shields' Bio:

Greg Shields is an independent author, instructor, and IT consultant based in Denver, Colorado, and a co-founder of Concentrated Technology. With nearly 15 years of experience in information technology, Greg has developed extensive experience in systems administration, engineering, and architecture, specializing in Microsoft systems management, remote application, and virtualization technologies. Greg is a Contributing Editor for Redmond Magazine, MCPmag.com, and Virtualization Review Magazine and is the author of five books, including Windows Server 2008: What’s New / What’s Changed. Greg is also a highly sought-after instructor and speaker, speaking regularly at conferences like TechMentor Events, and producing computer-based training curriculum for CBT Nuggets. Greg is a recipient of the Microsoft "Most Valuable Professional" award with a specialization in Windows Terminal Services.