Vulnerability in Virtual PC for Mac

bobw · Feb 11, 2004

Microsoft Security Bulletin MS04-005
Vulnerability in Virtual PC for Mac could lead to privilege elevation (835150)

Issued: February 10, 2004
Version: 1.0

Summary

Who should read this document: Customers who are using Microsoft® Virtual PC for Mac

Impact of vulnerability: Elevation of Privilege

Maximum Severity Rating: Important
Recommendation: Customers should install this security update at the earliest opportunity

Affected Software:
Microsoft Virtual PC for Mac version 6.0 - Download the update

Microsoft Virtual PC for Mac version 6.01 - Download the update

Microsoft Virtual PC for Mac version 6.02 - Download the update

Microsoft Virtual PC for Mac version 6.1 - Download the update

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms04-005.asp

Randman · Feb 11, 2004

Thanks for the heads-up. You wonder why M$ just doesn't include a copy of mydoom with every VPC.

Captain Code · Feb 11, 2004

I guess we can't blame this one completely on MS because they just bought the code.

I don't see why VPC should be allowed to run under an administrator account which could be exploited.

Arden · Feb 11, 2004

Somehow, I don't see this really as "Important." If there's someone out there with malicious intent who has the ability to physically log on to your computer with administrative privileges, you've got bigger problems than worrying about whether or not they'll do something to your Mac with Virtual PC. Considering only sysadmins can do anything regarding this bug, it doesn't surprise me that Connectix let it slide. "Who's going to exploit their own system?"

Vulnerability in Virtual PC for Mac

bobw

The Late: SuperMacMod

Randman

HA! HA! HA!

Captain Code

Moderator

Arden

Where mah "any" keys at?