Microsoft Warns of Virtual Machine Flaws

Information about exploits, how to use them, how to test for them, and new exploits.


Microsoft Warns of Virtual Machine Flaws

Postby kostyanj » Wed Apr 09, 2003 9:11 pm,aid,110220,00.asp

Microsoft warned users on Wednesday about two new security vulnerabilities affecting its Microsoft Virtual Machine, Microsoft Proxy Server 2.0, and Microsoft ISA Server 2000 products.

The Microsoft Virtual Machine (VM) contains a critical vulnerability that could allow a remote attacker to gain control of affected machines, according to security bulletin MS03-011.

The vulnerability, which occurs in code for a VM process called the ByteCode Verifier, could enable an attacker to use illegal sequences of byte codes to bypass security checks in the software, Microsoft said.

The ByteCode Verifier process is responsible for checking code as it is loaded into the Virtual Machine, the company said.

Attackers could launch an attack using a Java applet embedded in a Web page or HTML format e-mail message. Once compromised, a vulnerable machine could be used to run the attacker's code, though only with the permission of the active user account, Microsoft said.

User avatar
Posts: 836
Joined: Thu Feb 27, 2003 4:08 am

Postby wacky-sung » Thu Apr 10, 2003 3:18 am

Therefore it is very important to run a manual update after installing microsoft VM and there is a patch for it. ^o^
Posts: 68
Joined: Mon Apr 07, 2003 4:30 am

Return to Software Exploits

Who is online

Users browsing this forum: No registered users and 2 guests