To All:
Last week, the U.S. Computer Emergency Readiness Team
(US-CERT) reported a vulnerability, on Intel CPU hardware, that could
lead to a privilege escalation attack on some 64-bit operating systems
and virtualization softwares running on Intel CPU hardware.
In
these years many security flaws have affected different virtualization
platforms but this episode is remarkable because, originated at the CPU
level, affects many different systems and not just a single vendor.
Two
days ago US-CERT updated the list of the affected systems, that
includes Windows 7, Windows Server 2008 R2, FreeBSD and NetBSD as well
as Xen hypervisor, that we report in a “per Vendor” grouping.
======
Intel
claims that this vulnerability is a software implementation issue, as
their processors are functioning as per their documented specifications.
However, software that does not take the unsafe SYSRET behavior
specific to Intel processors into account may be vulnerable.
======
US-CERT
in its security advisory, fortunately, VMware vSphere, which is still
the most common hypervisor in the companies, does not seem to be
affected from this problem.
=-=-=-=-=
Here is link to CERT's Advisory :
http://www.kb.cert.org/vuls/id/649219
Regards,
Harvey Rothenberg
System Integrator/Security Specialist
"Experience is a hard teacher because she gives the test first, the lesson
afterwards." -- Unknown
_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
