VMWare is one of the more popular virtualization software these days. Its home page describes virtualization as a technology bound to change the IT landscape, as it allows one to “transform hardware into software.” By “virtualizing” hardware resources including the CPU, RAM, etc., multiple virtual machines can share resources without interfering with one other. It has thus proven to be a handy tool for intensive security research as well for the creation and use of test environments without harming the actual system.

However, Core Security Technologies has very recently reported of a bug that allows malicious users to escape the virtual environment to actually penetrate the host system running it. The bug exists in the shared folder feature of the Windows client-based virtualization software. VMWare has, for the meantime, advised users to disable shared folders. The company has also made clear that the vulnerability was not present in its server line, and that in newer versions the user must actually turn on the feature to become susceptible to this attack.

VMWare discloses this vulnerability on this page.

Core Security Technologies has a full disclosure on this page. The vulnerability ID for this finding is CVE-2008-0923 at the National Vulnerability Database.

Trend Micro researchers are bent on giving you the freshest information on the latest threats. We are posting our findings in real-time, so please stand by for updates as we uncover more details on this particular threat.