US-CERT warns of virtualisation vulnerability

Information Week states.

The warning arrived in the form of a security advisory released by the US Computer Emergency Readiness Team (US-CERT).

"Some 64-bit operating systems and virtualisation software running on Intel CPU hardware are vulnerable to a local privilege escalation attack," it read.

Computing.co.uk says the flaw does not affect popular commercial virtualisation software from VMware.

The Xen Project, the open source group responsible for virtualisation software, described the vulnerability as follows: "It has to do with a subtle difference in the way in which Intel processors implement error handling in their version of AMD's SYSRET instruction.”

The vulnerability can only be exploited on Intel CPUs when the Intel 64 extension is in use, Fudzilla notes.

Some of the operating systems confirmed as vulnerable so far include x64-based versions of Windows 7 and Windows Server 2008 R2, the 64-bit versions of FreeBSD and NetBSD, the Xen virtualisation software, as well as Red Hat Enterprise Linux and SUSE Linux Enterprise Server.