382 Computer Security Blog

[382] Making the Virtual All-Too Real

Ars Technica reports today on a successful VM escape exploit employed during this year’s Pwn2Own hacking contest. Most impressively, it’s launchable from a webpage: the exploit doesn’t even need to run directly in the guest VM, but can run straight from Microsoft Edge on a guest Windows 10.

Naturally, this type of exploit is always more than a little unsettling. The most reliable way to sandbox programs is to run them in a virtual machine; a properly virtualised program will never be able to touch the host operating system, the principle goes, and we often rely on it.

Yet the Pwn2Own contestants not only managed to exploit an uninitialised buffer vulnerability in the virtualiser, they also managed to pair it with a heap overflow bug in Microsoft Edge’s JavaScript runtime and a Windows 10 kernel type-confusion bug, allowing them to compromise the host PC from a webpage inside of the guest VM.

The contestants have been awarded a handsome $105,000 for their efforts, making them this contest’s biggest victors. Expect the relevant bugs to be patched before their details are released publicly — just make sure you keep your software updated in the meantime.
