Virtualization.com

News and insights from the vibrant world of virtualization and cloud computing

Search Results for: virtualization security

Core Security Unveils Vulnerability in Key Microsoft Virtualization Technology

by Leave a Comment

Core Security Technologies, provider of the CORE IMPACT family of comprehensive enterprise security testing solutions, has issued an advisory disclosing a vulnerability that could affect large numbers of organizations and consumers using Microsoft’s Virtual PC virtualization software and leave them open to potential attack.

A Core Security Exploit Writer working with CoreLabs, the research arm of Core Security Technologies, found that affected versions of Virtual PC hypervisor contain a vulnerability that may allow attackers to bypass several security mechanisms of the Windows operating system to compromise vulnerable virtualized systems.

The issue may also transform a certain type of common software bug into exploitable vulnerabilities.Microsoft’s Virtual PC hypervisor is an element of the company’s Windows Virtual PC package, which allows users to run multiple Windows environments on a single computer. The hypervisor is a key component of Windows 7 XP Mode, a feature in Microsoft’s latest desktop operating system aimed at easing the migration path into the new OS for users and enterprises that need to run legacy Windows XP applications on its native OS.

Affected versions of the product include: Microsoft Virtual PC 2007, Virtual PC 2007 SP1, Windows Virtual PC and Microsoft Virtual Server 2005. On Windows 7 the XP Mode feature is affected by the vulnerability.

Microsoft Hyper-V technology is not affected by this problem.

The issue was reported to Microsoft in August of 2009. The vendor indicated that it plans to solve the problem in future updates to the vulnerable products.

Windows Virtual PC and Microsoft Virtual PC 2007 are desktop systems virtualization applications from Microsoft that are used to run one or many virtual hosts on a single physical system. Windows Virtual PC is used to run Windows XP Mode applications directly from a Windows 7 desktop.

In Microsoft Virtual PC and Windows Virtual PC, the Virtual Machine Monitor (VMM) is responsible for mediating access to hardware resources and devices from operating systems running in a virtualized environment. A vulnerability found in the memory management of the Virtual Machine Monitor makes it such that memory pages mapped above the 2GB level can be accessed with read or read/write privileges by user-space programs running in a Guest operating system.

By leveraging this vulnerability it is possible to bypass several security hardening mechanisms of Windows operating systems, such as Data Execution Prevention (DEP), Safe Exception Handlers (SafeSEH) and Address Space Layout Randomization (ASLR). As a result, some applications with bugs that are not exploitable when running in a not-virtualized operating system are rendered exploitable if running within a guest OS in Virtual PC.

In particular, a vulnerable application running in Windows XP Mode on Windows 7 may be exploitable in a virtual environment, while the same application running directly on a Windows XP SP3 operating system is not.

The vulnerability invalidates a basic assumption about the memory management operations of the Windows operating system on which several security hardening mechanisms rely for correct operation. As a result, those defense-in-depth mechanisms should no longer be considered effective enough to prevent exploitation of un-patched vulnerabilities in Windows applications running on systems virtualized using the Virtual PC hypervisor. Additionally, software bugs that may have been dismissed as not security-relevant due to being not exploitable and for which security patches may not be readily available could become exploitable vulnerabilities due to the Virtual PC hypervisor bug.

For more information on this vulnerability and the systems affected, please visit: http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug

Fortinet Patents Four New Network Virtualization And Multi-Threat Security Related Inventions

by Leave a Comment

Fortinet, a provider of unified threat management (UTM) solutions, has announced that the US Patent and Trademark Office has awarded the company four additional patents for network virtualization and security related inventions. These new patents strengthen Fortinet’s intellectual property portfolio, bringing Fortinet’s total awarded patents to 17.

Fortinet

Charles Cote, Fortinet Regional Director for Australia and New Zealand commented on ARN:

“Security consolidation and virtualisation are key business trends for enterprise networks. Fortinet is the clear technology pioneer in the unified threat management space, with a long track record of innovation. Our security consolidation solutions based on these new virtualisation patents will help our customers build more efficient and easier to manage security systems.”

The four new patents reflect Fortinet’s focus, on innovative methods for processing network data while applying various security-related filtration processes within a consolidated and accelerated platform. Three of the newly awarded patents are directed to the routing and processing of data in virtualized environments.

“These patents support Fortinet’s innovation and vision for an integrated, multi-threat and virtualised approach to network security – groundswell areas for the networking and security industries,” said Michael Xie, CTO and co-founder of Fortinet. “As we continue our strong research and development efforts, our growing patent portfolio provides momentum for accelerating the course of innovation we are undertaking.”

[Source: ARN]

Payment Card Industry Lack Virtualization-Specific Requirements For Security Audits

by Leave a Comment

Good catch by Eric Siebert over at the Server Virtualization Blog: the Payment Card Industry’s data security standards (PCI DSS), requirements set forth by the major credit card players – Visa, Mastercard, American Express and Discover in order to protect credit card data, apparently don’t have any virtualization-specific requirements put into practice so far.

“Having just survived another annual PCI compliance audit, I was again surprised that the strict standards for securing servers that must be followed contain nothing specific concerning virtual hosts and networks. Our auditor focused on guest virtual machines (VMs), ensuring they had up-to-date patches, locked-down security settings and current anti-virus definitions. But ironically, the host server that the virtual machines were running on went completely ignored. If the host server was compromised, it wouldn’t matter how secure the VMs were because they could be easily accessed. Host servers should always be securely locked down to protect the VMs which are running on them.”

Read the rest of the blog post here.

Is Virtualization The Biggest Security Vulnerability In IT Today?

by 2 Comments

The question is asked by Senior Reporter from Forbes Andy Greenberg, who attended the security industry’s big annual confab, the RSA Conference, and wrote up an article aptly titled ‘Virtualization Dark’s Side’. He writes:

“In the past few months, security researchers have revealed bugs in practically every piece of virtualization software, including products from virtualization heavyweights VMware and Microsoft.

Exploiting those bugs, attackers can use what researchers call “virtual machine escape,” or “hyperjacking.” By taking control of the hypervisor, the piece of software that controls all the virtual computers within a machine, an attacker can “escape” from any single virtual computer hosted on the machine and quickly multiply his or her access to a company’s data.”

Virtualization security researchers and experts were quick to point out the weaknesses of virtualization and several techniques to breach the security.

Joanna Rutkowska, the founder of security research firm Invisible Things Lab, reportedly described a new type of virtualization-based malware that could be used to take control of a machine running virtualization software. Because virtualization allows companies to store many virtualized software “images” of computers on a single physical machine, an attack like the one Rutkowska envisions would allow a hacker “not only to control a single machine but to siphon data from any virtual machine it contains”.

Rutkowska also described how an intruder could install what she calls a “blue pill,” a second, malicious hypervisor that controls the original hypervisor and all of the virtual machines beneath it.

Fortunately, she also said that the attacks she discussed are likely too new to have ever been used by real-world cybercriminals, and are unlikely to become common.

What do you think?

Nicira Comes Out Of Stealth Mode With “Game-Changing” Network Virtualization Platform

by 1 Comment

Backed by top-tier VCs such as Andreessen Horowitz, NEA and Lightspeed Venture Partners, network virtualization company Nicira has publicly unveiled its Network Virtualization Platform (NVP), a software-based system that creates a distributed virtual network infrastructure in cloud data centers that is completely decoupled and independent from physical network hardware.

Fresh out of stealth mode, Nicira has already attracted AT&T, eBay, Fidelity Investments, NTT and Rackspace as customers.

From the official company pitch:

NVP was designed to address the shortcomings of traditional networks by offering a platform that provides the operational model of a virtual machine. While applications have been decoupled from servers through compute virtualization, they have not yet been decoupled from the network through any type of scalable network virtualization. As a result, virtualized data centers face limits to what applications they can support and where the workloads can be placed.

These limitations restrict workload mobility, thus lowering resource utilization of servers, a primary cause of operational overhead. Legacy approaches can leave as much as 20%-30% of the server capacity in data centers under utilized and drive up networking costs several fold, based on Nicira’s work with the largest cloud data center operators.

NVP forms a thin software layer that treats the physical network as an IP backplane. This approach allows the creation of virtual networks that have the same properties and services as physical networks, such as security and QoS policies, L2 reachability, and higher-level service capabilities such as stateful firewalling.

These virtual networks can be created dynamically to support VM mobility anywhere within or between data centers without service disruption or address changes.

Will people really call it the ‘VMware of networking’, then? Likely.

NVP software is delivered through a usage-based, monthly subscription-pricing model, which scales per virtual network port. Customers only pay for what they use, and pricing scales accordingly.

Nicira was founded by networking research leaders Martin Casado and Nick McKeown from Stanford University and Scott Shenker from University of California.

The company has raised $50 million in funding to date, from the aforementioned venture capital firms as well as individual investors including VMware co-founder Diane Greene and Benchmark Capital co-founder Andy Rachleff.

Cisco, Microsoft Team Up For Data Center Virtualization Solutions

by Leave a Comment

Cisco has announced that is partnering with Microsoft to deliver data center virtualization solutions designed to provide improved scalability and operational control of Microsoft Windows Server “8” virtual environments.

The Cisco Nexus 1000V distributed virtual switch and the Cisco Unified Computing System with Virtual Machine Fabric Extender (VM-FEX) capabilities will work with the Windows Server Hyper-V hypervisor to provide customers with Cisco networking features that are constant across both virtual and physical networks while supporting customers’ existing IT management processes.

The Cisco Nexus 1000V distributed virtual switch adds the dynamic provisioning and management capabilities of Cisco NX-OS Software to Windows Server Hyper-V to simplify the operations of virtual networking infrastructures as extensions of physical networks.

It also provides full VM-level visibility, security controls in a virtualized environment that are consistent with their Cisco physical network.

By working with Microsoft System Center Virtual Machine Manager (VMM) management tools, the Cisco Nexus 1000V will help network, virtualization and server administrators gain efficiency in collaboratively managing multi-tenant and mobile virtual environments. It also helps them to obtain real-time data for troubleshooting of virtual environments.

The Cisco Nexus 1000V and VM-FEX solutions for Hyper-V will be available when Windows 8 Server is released to the market.