I must admit I was a bit surprised by this on one hand, and not at all surprised on the other. When you understand how virtualization works, it’s easy to think “wow, that creates a nice black box, nothing could ever get out of there automatically to the host computer, or even know the host exists!” Then you realize that because of the specific hardware VMware or other virtualization software uses, there are several ways for a program to discover that it’s running on a virtual machine (I won’t go into detail on these, I haven’t done much research but I’m sure Google has…). Then, if you know anything about computer security, you realize that if it’s on a computer, connected to a network, there’s probably a way to get in if you have enough time, knowledge and resources, because computers are complex and new attacks pop up every day. Why should VMware be any different?

To the (sparse) details already: PaulDotCom has an article discussing a program that runs on a VMware virtual machine, and in about a minute crashes the machine and then runs a program on the host machine. Whether this was an ESX Server or a VMware Server install is not clear, and neither are most of the other details. It does seem that running VMware Tools on the virtual server might be the attack vector and you would be safe if not running them, but again, the details are sketchy. Cutaway also has some commentary on the new security hole. Originally via Martin McKeay’s blog.