VM Escape

Virtualization is the modern way of building a datacenter or simply running business applications. It is simple, and it saves money on hardware and power. It’s easier to provision servers, it’s easier to move servers, and it’s easier to decommission servers. It’s easier to set up networks. It’s easier from a management perspective all around.

Virtual machines are designed to run in self-contained, isolated environments on the host. The operating systems running inside the virtual machines shouldn’t know that they are virtualized. If a virtual machine “breaks” out of that isolated environment and starts interacting directly with the hypervisor, it is called a VM escape.

Most commonly, VM escape is related to a vulnerability in the operating system running in the virtual machine. When such a vulnerability is exploited by an attacker, it allows him to run malicious code and escape the boundaries of the VM. Like hyperjacking, this threat is believed to exist more in theory than in practice, but the facts show that it is becoming a huge problem. One of the first public demonstrations was given in 2007 by Ed Skoudis and Tom Liston from “Intelguardians”. They discovered a way to crash the guest operating system and run arbitrary code on the host operating system, but the specific details of the compromise were kept secret from the audience. Their attack was against one of the most popular hypervisors. It’s a serious concern, since many VM users haven’t adequately protected their host OS, expecting the virtual aspect of the systems to protect their host OS. This isn’t just a single hypervisor vendor concern either, since many of the different virtual server products in use today use very similar code, and this vulnerability attacks that base.

Mitigation techniques

VM escape doesn’t mean that virtual machines in general are insecure, but it does mean that IT managers and specialists should pay attention to their security. Proactive measures include:

  • Regularly patching the virtual machine operating system
  • Running only the necessary resource-sharing features
  • Installing only the minimum set of software applications, because they could also have vulnerabilities
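
One way to check the second measure is to audit each VM's configuration for sharing features that are not explicitly switched off. The script below is an added example, not part of the original article; it assumes a VMware-style .vmx file as the configuration format (the article names no product), and the sample configuration and the `needed` allowlist parameter are constructed for illustration.

```python
import re

# Guest/host sharing features and the VMX key that disables each one.
# Using VMware's key names is an assumption; the article names no product.
SHARING_KEYS = {
    "clipboard copy": "isolation.tools.copy.disable",
    "clipboard paste": "isolation.tools.paste.disable",
    "drag and drop": "isolation.tools.dnd.disable",
    "shared folders (HGFS)": "isolation.tools.hgfsServerSet.disable",
}

LINE_RE = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {lowercased key: value} for key = "value" lines; skip comments."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        match = LINE_RE.match(line)
        if match:
            settings[match.group(1).lower()] = match.group(2)
    return settings

def audit_sharing(text, needed=()):
    """List sharing features that are neither explicitly disabled nor in `needed`."""
    settings = parse_vmx(text)
    findings = []
    for feature, key in SHARING_KEYS.items():
        if feature in needed:
            continue  # feature is required for this VM, so it is not reported
        value = settings.get(key.lower())
        if value is None:
            # Unset keys are reported: the effective default depends on the
            # product and version, so it needs a manual check.
            findings.append((feature, key, "not set"))
        elif value.strip().lower() != "true":
            findings.append((feature, key, "set to " + value))
    return findings

# Constructed sample configuration, not taken from a real system.
SAMPLE_VMX = '''
# constructed example
displayName = "build-agent-01"
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "FALSE"
isolation.tools.hgfsServerSet.disable = "TRUE"
'''

if __name__ == "__main__":
    for feature, key, state in audit_sharing(SAMPLE_VMX):
        print(f"{feature}: {key} is {state}")
```
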