The popular security firm Core Security yesterday disclosed a serious security vulnerability found in all Microsoft hosted virtualisation products, including Virtual Server 2005, Virtual PC 2007 (with and without SP1) and Windows 7 Virtual PC. While Core Security is using the “hypervisor” terminology, this bug doesn’t affect any bare-metal virtualisation platform Microsoft has, including Hyper-V and Hyper-V R2. The vulnerability affects the virtual machine monitor (VMM) memory management. It makes memory pages mapped above the 2GB available with read or read/write access to user-space programs running in a Guest operating system.

See original here:
virtualisation.info