I know that we need to consider the security of each and every virtual host. What, though, are the risks and vulnerabilities associated with the virtual machine itself, the application that runs on top of the operating system? What are the implications if the VM is hacked? Does the hacker then own all the VM hosts?
First, let's start with the guests. If the attacker can compromise the virtual machines, they will likely have control of all of the guests, since the guests are merely subsets of the program itself. Also, most virtual machines run with very high privileges on the host because a virtual machine needs comprehensive access to the host's hardware so it can then map the real hardware into virtualized hardware for the guests. Thus, compromising the virtual machine means not only that the guests are goners, but the host is also likely lost.
And such worries here are not merely theoretical. In December 2005, a widely publicized flaw in VMware sent shudders up some of our spines. A vulnerability in VMware's NAT service could have allowed remote attackers to execute malicious code by exploiting the VM itself. It should be noted that this issue, while a concern, was not really a VM escape. It was, instead, an exploitable buffer overflow vulnerability. A true VM escape, if such a thing is possible, involves running code in a guest that would allow an attacker to jump out and execute commands in the host operating system. There are no publicly available VM escape tools as of this writing. And, VMware thankfully patched the December buffer overflow quickly, and no major compromises associated with the problem were ever publicized.
However, in the end, it's crucial to keep your VM software itself patched to minimize the chance of vulnerabilities there. Additionally, if you do not need all of the fancy services that virtual machine-enabling software offers and installs, don't install them. For example, if you don't need to share files among guests and hosts, drag and drop features, shared clipboards, and so forth, consider not installing these tools. And, as always, any software without a defined business need should be left off of systems, as its introduction could expose you to vulnerabilities. Virtual machine tools are no exception.
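The last paragraph recommends leaving guest-host integration features (shared clipboard, drag and drop) off when they serve no business need. The following is an added example, not part of the original answer: a small Python audit that parses a VMware `.vmx` guest configuration and reports which of those channels are not explicitly disabled. The `isolation.tools.*` keys are VMware settings documented in its hardening guidance; the sample configurations are constructed, and treating an absent key as a finding is this script's own conservative assumption, since the default varies by product and version.

```python
import re
from typing import Dict, List

# Guest-host integration channels the answer suggests leaving off when not needed.
# These are VMware .vmx settings; the value "TRUE" turns the channel off.
ISOLATION_SETTINGS = {
    "isolation.tools.copy.disable": "guest-to-host clipboard copy",
    "isolation.tools.paste.disable": "host-to-guest clipboard paste",
    "isolation.tools.dnd.disable": "drag-and-drop file transfer",
}

# Matches lines of the form   key = "value"   (quotes optional, keys may contain . and :)
_VMX_LINE = re.compile(r'^\s*([\w.:]+)\s*=\s*"?([^"]*)"?\s*$')


def parse_vmx(text: str) -> Dict[str, str]:
    """Parse key = "value" lines of a .vmx file into a dict; keys are lower-cased."""
    settings: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blanks and comments
        m = _VMX_LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip()
    return settings


def audit_isolation(vmx_text: str) -> List[str]:
    """Return one finding per channel that is not explicitly disabled ("TRUE").
    Assumption (this script's choice): an absent key is reported, because the
    effective default depends on the VMware product and version."""
    settings = parse_vmx(vmx_text)
    findings: List[str] = []
    for key, desc in ISOLATION_SETTINGS.items():
        value = settings.get(key)
        if value is None:
            findings.append(f"{key} not set: {desc} left at product default")
        elif value.upper() != "TRUE":
            findings.append(f"{key} = {value}: {desc} enabled")
    return findings


# Constructed sample configurations (not real files).
WEAK_VMX = '.encoding = "UTF-8"\nconfig.version = "8"\ndisplayName = "web01"\n' \
           'isolation.tools.copy.disable = "FALSE"\nisolation.tools.dnd.disable = "false"\n'
HARDENED_VMX = 'displayName = "web01"\nisolation.tools.copy.disable = "TRUE"\n' \
               'isolation.tools.paste.disable = "TRUE"\nisolation.tools.dnd.disable = "TRUE"\n'

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_VMX), ("hardened", HARDENED_VMX)):
        print(name, audit_isolation(cfg) or ["no findings"])
```

Run against a real guest's `.vmx` by reading the file into `audit_isolation`; an empty list means every listed channel is explicitly turned off.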
Related Q&A from Ed Skoudis, Contributor