<< Back
CVE Number Vulnerability Product Severity Date
MS09-033 Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856) Microsoft Virtual Critical 15-07-2009

Technical Information

Brief overview of the risk:
This security update resolves a privately reported vulnerability in Microsoft Virtual PC and Microsoft Virtual Server. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected guest operating system.
Detailed Information on the risk:

An elevation of privilege vulnerability exists in the way that Microsoft Virtual PC and Microsoft Virtual Server incorrectly validate privilege levels when executing specific instructions in the Virtual Machine Monitor. This vulnerability could allow an attacker to run code with elevated privileges inside the hosted guest operating system. An attacker could then install programs; view, change, or delete data; or create new accounts on the guest operating system with full user rights.


Further information on this exploit is available at : MS09-033

Affected Software

Microsoft Virtual PC 2004 Service Pack 1
Microsoft Virtual PC 2007
Microsoft Virtual PC 2007 Service Pack 1
Microsoft Virtual PC 2007 x64 Edition
Microsoft Virtual PC 2007 x64 Edition Service Pack 1
Microsoft Virtual Server 2005 R2 Service Pack 1
Microsoft Virtual Server 2005 R2 x64 Edition Service Pack 1