"While it is not the most severe vulnerability covered by Microsoft this month, IBM ISS considers MS07-049, the virtual machine vulnerability in Microsoft Virtual PC and Microsoft Virtual Server, to be the most interesting," said X-Force Researcher Tom Cross in a statement. "Enterprises are increasingly embracing virtualization to simplify IT management and cut infrastructure costs. As this trend continues, we're going to see attackers use vulnerabilities like MS07-049 to leverage control over one virtual host to infect others on the same server. This is a new kind of attack methodology that requires unique protection."
Exploiting this virtualization vulnerability does require administrative permissions on the guest operating system, Microsoft noted.
Still, it's notable, given that this flaw allows a guest to cross a chasm that's supposed to be uncrossable, breaking out of one machine and into another because they're running on the same piece of hardware, Schultze noted.
And of course the speculation about Microsoft's eye for the "new and shiny" Citrix continues. Read the rest at eWeek!