The virtual machine escape demonstrated at Pwn2Own this year showed that, even as isolated, software-defined machines, VMs are not without their security concerns. Andrea Mauro took this as inspiration to reflect on some of the other vulnerabilities. Virtual networking is probably the most common, as guest machines are as vulnerable as any other to these kinds of exploits. These are mitigated by the supposed isolation each machine enjoys. Andrea does point out, though, that any time you have shared components between machines, you introduce the possibility of weakening the virtual machines' inherent isolation.
It goes to show that the old tradeoff of security vs. convenience applies equally well to the virtual machine world as to the physical one.
Andrea Mauro comments:
Recent VMware security bug (VMSA-2017-0006) is related to one of the worst possible security issues in a virtualization environment: a possible “guest escape” vulnerability that allows arbitrary code execution on a host system from the guest system. It’s not the first time of a similar risk (see, for example, Microsoft Edge used to escape VMware Workstation at Pwn2Own 2017) but this kind of issue is a different risk level if it affects Workstation (so “just” a client environment) or an ESXi (potentially a datacenter environment).
Read more at: How a VM is really isolated