Mark Minasi's Reader Forum
Mark Minasi's Reader Forum
Home | Profile | Register | Active Topics | Active Polls | Members | Search | FAQ | Minasi Forum RSS Feed
 All Forums
 Cloud Computing
 Anything Cloud-Related
 Interesting Vunerability

Note: You must be registered in order to post a reply.
To register, click here. Registration is FREE!

Screensize:
UserName:
Password:
Format Mode:
Format: BoldItalicizedUnderlineStrikethrough Align LeftCenteredAlign Right Horizontal Rule Insert HyperlinkInsert EmailInsert Image Insert CodeInsert QuoteInsert List
   
Message:

* HTML is OFF
* Forum Code is ON
Smilies
Smile [:)] Big Smile [:D] Cool [8D] Blush [:I]
Tongue [:P] Evil [):] Wink [;)] Clown [:o)]
Black Eye [B)] Eight Ball [8] Frown [:(] Shy [8)]
Shocked [:0] Angry [:(!] Dead [xx(] Sleepy [|)]
Kisses [:X] Approve [^] Disapprove [V] Question [?]

 
Note: please do not cross-post.
Cross-postings will be deleted and ignored.
Thanks for helping to keep this forum junk-free!
 Check here to subscribe to this topic.
   

T O P I C    R E V I E W
Scott.Calvet Posted - 06/14/2012 : 11:16:36 PM
http://www.kb.cert.org/vuls/id/649219
6   L A T E S T    R E P L I E S    (Newest First)
wkasdo Posted - 06/17/2012 : 2:13:16 PM
> but if Windows can be hacked isn't Hyper-V still vunerable from the sense you could shut down the Hyper-V hosts and all their VM's completely by shutting down Windows?

Absolutely. I think the point is that you cannot do so from a VM. It's always the case that if you own the host, then you own the VM's. Attacking one VM from another is a different story, and one that would fly if you could go from Ring 3 to Ring -1.
Scott.Calvet Posted - 06/17/2012 : 09:34:51 AM
The KB said "This vulnerability only affects Intel x64-based versions of Windows 7 and Windows Server 2008 R2."

So while Hyper-V may not be affected because of what ring it lives in, partioning, and all that fun stuff... what I want to know is can or does Hyper-V run or exist without the Windows kernel? Granted its accessing the hardware directly for resources etc so we can blur the lines of what a Type-1 hypervisor is, but if Windows can be hacked isn't Hyper-V still vunerable from the sense you could shut down the Hyper-V hosts and all their VM's completely by shutting down Windows?

I know this isn't the most critical vunerability ever since the kb said "the attacker must have valid logon credentials and be able to logon locally" but that being said it brings up an interesting discussion.
wobble_wobble Posted - 06/17/2012 : 01:59:01 AM
Willem,

Yes I was curious about that, as Ring -1 was promoted as the safe place.

But what is the interaction between say Hyper-V manager on a host or SCVMM and the hypervisor. I know hyper-v does not have shared folders like VMware, again that was toted as a security measure.
wkasdo Posted - 06/16/2012 : 2:05:25 PM
Hyper-V is not affected. Believe me, it would not be just an "important" patch if it were affected :-)_

Reading the original post I see that the escalation is from Ring 3 (user mode) to Ring 0 (kernel). The Hyper-V hypervisor lives at Ring -1.
NMDANGE Posted - 06/16/2012 : 10:46:24 AM
Good thing I have an AMD CPU
wobble_wobble Posted - 06/15/2012 : 6:36:49 PM
Aidan posted on this as well
http://www.aidanfinn.com/?p=12837
http://www.aidanfinn.com/?p=12838

I'd like to ask one question.

There is a hotfix mentioned in the first post, but you say Hyper-V isn't effected in the second post.

So does this mean that Server 2008 and Server 2008R2 Hyper-V is vulnerable, but the Windows 8 Beta and Server 2012 RC are not vulnerable?

Mark Minasi's Reader Forum © 2002-2011 Mark Minasi Go To Top Of Page
This page was generated in 0.08 seconds. Snitz Forums 2000