
Feb 28
Threat Thursday: VMware's Vulnerability

If you've read my biography and some of my posts, you'll know that I'm an almost rabid proponent of server virtualization, and since I cut my teeth on VMware ESX Server, I'm a huge fan of their products. I like to know that I'm getting the most out of my expensive, high-performance hardware, and virtualization allows me to do just that.

Another important aspect to virtualization is the level of isolation and security provided to the virtual machine (VM) and the server or desktop hosting those VMs.  This helps to ensure that a misbehaving application won't adversely affect the function of the VMs operating alongside it or the underlying host.

In recent years this feature has provided protection for end-users by allowing them to use VMware Player or Workstation to create a VM on their desktop that is dedicated solely to accessing the Internet. Should the VM ever become subject to a virus, spyware or other malware, rather than trying to extricate the malware (sometimes almost impossible), the user could dispose of the infected VM and deploy a fresh one.

Virtualization has even allowed IT security personnel to create a virtual Petri dish to study malware behavior without putting their systems at undue risk.  It was thought that the virtualization layer insulated the underlying server/desktop hosting the VM from being compromised by a VM-resident nasty, but that is now proving not to be the case.

I had read previously that a host could be vulnerable and now have read something more definitive in The Register:

"Security researchers have discovered a bug in VMware desktop virtualization applications that allows attackers to take complete control of the underlying PC, including the execution or modification of files on the host operating system.

The exploit uses a specially crafted path name to access folders that are being shared between the host and virtual environments.  VMware applications fail to validate the malicious parameters passed from the guest system to VMware's Shared Folders mechanism.  The Shared Folders mechanism then hands off the bad data to the host system's file system, which allows the exploit complete access."

According to the article, VMware is working on a fix.  In the meantime a workaround is to "disable the shared folders feature in VMware's Workstation, Player and ACE applications.  If sharing can't be turned off, users should configure it for read-only access and implement file system monitoring."
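The workaround can be checked on a host by reading each VM's .vmx file for active shared folders. The audit script below is an added example, not code from the article or from VMware; it assumes the `sharedFolderN.present`, `.enabled`, `.writeAccess` and `.hostPath` key names that VMware desktop products write to .vmx files, and the sample configuration is constructed.

```python
import re

# Constructed sample .vmx content (not from the article). Key names are an
# assumption: the sharedFolderN.* entries VMware desktop products write.
SAMPLE_VMX = r'''
displayName = "browsing-vm"
sharedFolder.maxNum = "3"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.writeAccess = "TRUE"
sharedFolder0.hostPath = "C:\Users\alice\Documents"
sharedFolder1.present = "TRUE"
sharedFolder1.enabled = "TRUE"
sharedFolder1.writeAccess = "FALSE"
sharedFolder1.hostPath = "C:\Samples"
sharedFolder2.present = "TRUE"
sharedFolder2.enabled = "FALSE"
sharedFolder2.hostPath = "C:\Old"
'''

LINE = re.compile(r'^\s*([\w.:]+)\s*=\s*"(.*)"\s*$')
SHARE = re.compile(r'^sharedFolder(\d+)\.(\w+)$', re.IGNORECASE)

def parse_vmx(text):
    """Return the key = "value" pairs of a .vmx file as a dict."""
    pairs = (LINE.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in pairs if m}

def audit_shared_folders(text):
    """List (index, access, host_path) for every active shared folder."""
    shares = {}
    for key, value in parse_vmx(text).items():
        m = SHARE.match(key)
        if m:  # sharedFolder.maxNum has no index and is skipped
            shares.setdefault(int(m.group(1)), {})[m.group(2).lower()] = value
    findings = []
    for idx, s in sorted(shares.items()):
        def on(k):
            return s.get(k, "FALSE").upper() == "TRUE"
        if on("present") and on("enabled"):
            access = "WRITABLE" if on("writeaccess") else "READ-ONLY"
            findings.append((idx, access, s.get("hostpath", "")))
    return findings

if __name__ == "__main__":
    for idx, access, path in audit_shared_folders(SAMPLE_VMX):
        # WRITABLE shares contradict the read-only workaround
        print(f"sharedFolder{idx}: {access} -> {path}")
```

Any share the script reports should be disabled, or at least switched to read-only, until the fix is installed.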

ITechTips is a member of the Know More Media network of business related blogs.