Word of the Day: Tech Definitions from WhatIs.com

Apr 29 2009   3:55PM GMT

VM escape – using the hypervisor as an attack vector

Margaret Rouse Margaret Rouse Profile: Margaret Rouse

posey Granted, no virtual machine escape hacks exist today, but if the IT security experts are right and this type of attack is eventually developed, then virtualized servers in the DMZ are basically sitting ducks.

Brien M. Posey, Virtual servers no escape from IT security management concerns

Today’s WhatIs.com Word of the Day is virtual machine escape.  In theory, an attacker could get access to the hypervisor (if it was mis-configured or had some other vulnerability) and use it to control all the other virtual machines on the host.

Bob Plankers explains more in What is VM Escape?:

Since the hypervisor controls the execution of all of the virtual machines, an attacker that can gain access to the hypervisor can then gain control over every other virtual machine running on the host. Because the hypervisor is between the physical hardware and the guest operating system, an attacker will then be able to circumvent security controls in place on the virtual machine.

Can you image the power of a zombie army that included an almost infinite number of virtual machines?  An army that once established, had the power to create new soldiers (VMs) which one click?  Holy moly.  Big money there.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: