
VMware Software Vulnerability Discovered

By Nathan Eddy, CRN
February 25, 2008    3:34 PM ET

Core Security Technologies, based in Boston, Mass., announced the discovery of a flaw in VMware's desktop virtualization software for Windows that could leave companies vulnerable to hackers. The company discovered that a malicious user or software running on a guest system within VMware's desktop software could break out of the isolated environment and gain full access to the host computer system.

"What's most relevant about this vulnerability is it demonstrates how virtual environments can provide an open door to the underlying infrastructures that host them," said Core Security's CTO Iván Arce. He said organizations often adopt virtualization technologies with the assumption that the isolation between the host and guest systems will improve their security posture, but this discovery acts as a "wake-up call" for IT managers' security.

"It signals that virtualization is not immune to security flaws and that 'real' environments aren't safe simply because they sit behind virtual environments," he said.

CoreLabs, the research center of Core Security Technologies, discovered that the vulnerability affects VMware Workstation, Player and ACE software, and that it is only exploitable when shared folders are enabled and at least one folder on the host system is configured for sharing. The announcement comes on the eve of VMware's first annual VMworld Europe conference.

VMware acknowledged the flaw and has told users to disable shared folders. It said the vulnerability isn't present in its server line because VMware Server and ESX Server do not use shared folders. Core Security also recommended disabling shared folders or, if the shared folders feature is required, reconfiguring it for read-only access.
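To check a virtual machine for the configuration described above, the following sketch scans `.vmx` text for enabled shared folders and flags those that are still writable. It is an added example, not code from CRN, Core Security or VMware; the `sharedFolderN.*` key names are assumed from the `.vmx` format written by VMware desktop products, and the sample configuration is constructed.

```python
import re

# Constructed sample .vmx content (not from the article): one writable share,
# one read-only share, one disabled share.
SAMPLE_VMX = '''\
displayName = "build-vm"
sharedFolder.maxNum = "3"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.writeAccess = "TRUE"
sharedFolder0.hostPath = "C:\\Users\\dev\\src"
sharedFolder1.present = "TRUE"
sharedFolder1.enabled = "TRUE"
sharedFolder1.writeAccess = "FALSE"
sharedFolder1.hostPath = "C:\\tools"
sharedFolder2.present = "TRUE"
sharedFolder2.enabled = "FALSE"
sharedFolder2.writeAccess = "TRUE"
sharedFolder2.hostPath = "C:\\old"
'''

# Matches per-share keys such as sharedFolder0.enabled = "TRUE".
# The global sharedFolder.maxNum key has no index and is skipped.
SHARE_KEY = re.compile(r'^\s*sharedFolder(\d+)\.(\w+)\s*=\s*"(.*)"\s*$', re.IGNORECASE)

def audit_shared_folders(vmx_text):
    """Return (index, host_path, state) for every enabled shared folder."""
    folders = {}
    for line in vmx_text.splitlines():
        m = SHARE_KEY.match(line)
        if m:
            idx, key, value = m.groups()
            folders.setdefault(int(idx), {})[key.lower()] = value
    findings = []
    for idx in sorted(folders):
        share = folders[idx]
        # Assumption: a key absent from the file is treated as FALSE.
        is_true = lambda k: share.get(k, "FALSE").upper() == "TRUE"
        if not (is_true("present") and is_true("enabled")):
            continue  # share is not active, so it does not expose the host
        state = "writable" if is_true("writeaccess") else "read-only"
        findings.append((idx, share.get("hostpath", "?"), state))
    return findings

if __name__ == "__main__":
    for idx, path, state in audit_shared_folders(SAMPLE_VMX):
        print(f"sharedFolder{idx}: {path} is enabled ({state})")
```

Any share the function returns means the feature is still enabled for that virtual machine; a `writable` result means it has not been reduced to read-only access either.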

This is the second security alert in as many weeks for the Palo Alto-based company. On February 22 VMware issued patches to fix vulnerabilities in its ESX Server, which could allow hackers to circumvent security controls and view sensitive information.

