Black Hat USA 2009 – Day 2 Cloudburst Story
July 30th, 2009 by s3ctrzr0
As Black Hat was nearing its end for me and I was preparing for Defcon, I caught another great session, this one from another security researcher from Florida, Kostya Kortchinsky (Immunity, Inc.). He presented a VMware guest-to-host escape story that showed me that the virtualization layer is truly not secure. He focused on just one area of the virtualization layer, exploiting the VMware SVGA II virtual driver and injecting into the frame buffer and SVGA FIFO memory spaces.
He successfully exploited this abstraction layer for remote execution. This just shows me that VMware needs to practice what it preaches on virtualization security with its developers. We saw this demo using VMware Workstation, but looking into it deeper, ESX 4 RC was reported vulnerable to this attack. I would highly recommend you check your ESX settings and make sure the 3D acceleration setting is disabled on your virtual machines; there is no need to run this on guest machines hosted by the VMware ESX suite. I was glad to end my Black Hat session with a burst of knowledge.
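One way to carry out the settings check recommended above across many virtual machines, as an added example that is not from the talk or from VMware: it reads each `.vmx` file under a directory and reports the `mks.enable3d` key, the `.vmx` option behind the 3D acceleration setting. The function names and sample configurations are constructed for illustration, and a missing key is reported as `unset` rather than assumed to be on or off.

```python
import re
from pathlib import Path

# .vmx lines look like: key = "value"; keys are matched case-insensitively here.
_VMX_LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"?(.*?)"?\s*$')

def parse_vmx(text):
    """Return a dict of lower-cased keys to values from .vmx text."""
    settings = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        m = _VMX_LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def enable3d_state(text):
    """Classify the 3D acceleration setting: 'enabled', 'disabled' or 'unset'."""
    value = parse_vmx(text).get("mks.enable3d")
    if value is None:
        return "unset"  # no explicit key: review in the VM's display settings
    return "enabled" if value.strip().lower() == "true" else "disabled"

def audit(root):
    """Walk a directory tree and return {vmx path: state} for every .vmx file."""
    return {str(p): enable3d_state(p.read_text(errors="replace"))
            for p in sorted(Path(root).rglob("*.vmx"))}

# Constructed sample configurations (not taken from a real host).
SAMPLE_ON = 'displayName = "build-01"\nmks.enable3d = "TRUE"\n'
SAMPLE_OFF = 'displayName = "web-02"\nMKS.enable3D = "FALSE"\n'
SAMPLE_UNSET = '# no 3D key\ndisplayName = "db-03"\n'

if __name__ == "__main__":
    import sys
    # Usage: python audit3d.py /path/to/vm/storage
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, state in audit(root).items():
        print(f"{state:8} {path}")
```

Any machine reported as `enabled` is one to switch off; `unset` entries need a manual look, since this example does not assume what the product does when the key is absent.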