Windows 7 “XP Mode” Vulnerability

This past Thursday (3/18/10) Microsoft announced that it will be dropping the hardware acceleration requirement for using the “XP Mode” feature on Windows 7.  XP Mode allows a user to run software which is not Windows 7 compatible in a virtualized instance of Windows XP on the same box.  Previously, to use this feature in Windows 7 you also had to have hardware virtualization acceleration, such as Intel  VT or AMD-V.  However, with this update anyone with Windows 7 (Professional, Enterprise, or Ultimate editions) can now use it.  It’s nice to see Microsoft making some concessions for those users that have been unable to migrate to it’s newest platform, and perhaps provide them some encouragement.  But there’s a catch.

That catch comes in the form of an announcement from Core Technologies of a vulnerability in Microsoft’s Virtual PC which allows an attacker to bypass some of the security safeguards which would normally be in place if the system was running on bare metal.  (rather than as a guest OS, as well as some of the tools in place to protect Windows 7 such as DEP, ASLR and SafeSEH)  This means that older vulnerabilities which were not considered exploitable, as other protections were in place, have been given a new lease on life.

Microsoft’s response downplays the announcement.  Microsoft is not calling this a vulnerability, as it requires that there already be another vulnerability to exploit.  As such, they will not be releasing a patch for the flaw, but will instead be waiting until the next release or service pack for the Virtual PC product.

In response, Paul Cooke from Microsoft says, “An attacker can only exploit a vulnerable application running “inside” the guest virtual machine on Windows XP, rather than Windows 7!”.  The exclamation mark at the end of this sentence was bothersome.  It seems that they are missing something.  Obviously there have been enough people up in arms about compatibility issues with Windows 7 that Microsoft felt the need to relax the restrictions on XP mode to encourage migration to 7.  This also says that there are companies which have software doing very important things and that the software doesn’t like Windows 7, hence the need for XP mode to be used more widely.  It’s all well and good that the host Windows 7 box is fine, as the excited Microsoft response above states, but if the important stuff is in the Virtual PC then who cares about the host OS?

More coverage is available at Threatpost

One Response to “Windows 7 “XP Mode” Vulnerability”

  1. [...] Mode IssuesI found this on Securabit, how the installation and use of XP Mode in Windows 7 exposes the system to XP OS vulnerabilities, [...]

Leave a Reply