Researchers have focused on finding vulnerabilities in virtualization software, undermining much of the promised security of such systems, stated one security professional on Friday.
A survey of the vulnerabilities publicly disclosed in VMware's popular virtualization software showed that almost three-quarters of the 100 flaws discovered since 1999 were found in the last two years, Kris Lamb, director of IBM's Internet Security Systems' research group, stated Friday in a blog post. Nearly 60 percent of the vulnerabilities found could be exploited remotely, Lamb said.
"It is clear that, with the increase in popularity, relevance and deployment of virtualization starting in 2006, vulnerability discovery energies have increasingly focused on finding ways to exploit virtualization technologies," Lamb wrote.
Lamb underscored that virtualization does not equate to security. He pointed out that, just this past week, ISS disclosed a vulnerability in a number of virtualization products. Others, most notably security researcher Joanna Rutkowska, have claimed to be able to create a nigh-undetectable rootkit by taking control of the host process that manages virtual machines.
VMware could not immediately be reached for comment.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos