| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS09-033 | Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856) | Microsoft Virtual | Critical | 15-07-2009 |
Technical Information
Brief overview of the risk:
This security update resolves a privately reported vulnerability in Microsoft Virtual PC and Microsoft Virtual Server. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected guest operating system.
Detailed Information on the risk:
An elevation of privilege vulnerability exists in the way that Microsoft Virtual PC and Microsoft Virtual Server incorrectly validate privilege levels when executing specific instructions in the Virtual Machine Monitor. This vulnerability could allow an attacker to run code with elevated privileges inside the hosted guest operating system. An attacker could then install programs; view, change, or delete data; or create new accounts on the guest operating system with full user rights.
Further information on this exploit is available at : MS09-033
Affected Software
Microsoft Virtual PC 2004 Service Pack 1Microsoft Virtual PC 2007
Microsoft Virtual PC 2007 Service Pack 1
Microsoft Virtual PC 2007 x64 Edition
Microsoft Virtual PC 2007 x64 Edition Service Pack 1
Microsoft Virtual Server 2005 R2 Service Pack 1
Microsoft Virtual Server 2005 R2 x64 Edition Service Pack 1