Summary
This host is missing a critical security update according to Microsoft Bulletin MS09-033.
Impact
Successful exploitation could allow attackers to execute arbitrary code with escalated privileges on the guest operating system.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms09-033.mspx
Insight
The flaw is due to the application not properly validating required CPU privilege levels of certain machine instructions running within the guest operating system environment.
Affected
Microsoft Virtual PC 2004 Service Pack 1 and prior Microsoft Virtual PC 2007 Service Pack 1 and prior Microsoft Virtual Server 2005 R2 Service Pack 1 and prior
References
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2009-1542 -
CVSS Base Score: 9.0
AV:N/AC:L/Au:S/C:C/I:C/A:C
Related Vulnerabilities
- Cumulative Security Update for Internet Explorer (939653)
- Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)
- Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2514842)
- Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)
- Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2879017)