Ben Scott wrote: > Sounds like yet another reason to run as an regular user, not with > administrator rights. (Ring 0 being supervisor mode on i386; Ring 3 > is user mode, IIRC.)
In this case ring 0 is the kernel. All user level processes - regardless of whether the user is root or Administrator or john.smith - run in ring 3. From the CPU perspective administrative vs non-administrative processes are indistinguishable as they are an OS-specific construct. Based on the 4th paragraph in the article, it looks like it would primarily afflict CPUs that have hardware virtualization support (and said support turned on). One hypothetical exploit would be to bypass the hypervisor of, say, ESX and break out of the guest OS and take over the physical machine. -- Phil Brutsche [email protected] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
