So this came out while I was on holiday – but I just thought I would pause to highlight this:
Microsoft Security Bulletin MS07-049 – Important
Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)
This important security update resolves one privately reported vulnerability. This is an elevation of privilege vulnerability. The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating systems. Only guest operating system users who are granted administrative permissions to the guest operating system would be able to exploit this vulnerability. Guest operating system users not granted administrative permissions to the guest operating system would be unable to exploit this vulnerability.
Some key point here are:
- This does not affect Virtual PC 2007 or Virtual Server 2005 R2 SP1. You only need this fix if you are running earlier versions of the product.
- You can download this fix from http://www.microsoft.com/technet/security/Bulletin/MS07-049.mspx
- Thanks to Rafal Wojtczuk of McAfee Avert Labs for working with us on this issue.