Summary
This host is missing a critical security update according to Microsoft Bulletin MS09-033.
Impact
Successful exploitation could allow attackers to execute arbitrary code with escalated privileges on the guest operating system.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms09-033.mspx
Insight
The flaw is due to the application not properly validating required CPU privilege levels of certain machine instructions running within the guest operating system environment.
Affected
Microsoft Virtual PC 2004 Service Pack 1 and prior Microsoft Virtual PC 2007 Service Pack 1 and prior Microsoft Virtual Server 2005 R2 Service Pack 1 and prior
References
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2009-1542 -
CVSS Base Score: 9.0
AV:N/AC:L/Au:S/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft IIS Authentication Remote Code Execution Vulnerability (982666)
- Microsoft .NET Framework Remote Code Execution Vulnerability (2484015)
- Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2604930)
- Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906)
- Microsoft .NET Framework Remote Code Execution Vulnerability (3000414)