Threat of the month: Virtualized application vulnerabilities

What is it?

Application Virtualization technologies allow you to virtualize an individual application rather than an entire operating system. This can be very helpful to organizations that have legacy application needs or require running two different versions of the same software on an individual system. One example of such application virtualization software is VMware's ThinApp.

How does it work?

There are a variety of methods that can be employed to virtualize an application, but the most common is system-level API hooking, which intercepts calls for things such as registry and file access. A typical app virtualization technology creates a virtual sandbox for an app to live in, so that the app believes it has its own registry, file system, etc. This allows two installations of the same product to co-exist without colliding over access to system resources.

Should I be worried?

A lot of people believe that, because of the “sandboxed” nature of virtualized applications, they are immune to standard exploits. The reality, however, is that virtualized applications are just as exploitable as non-virtualized applications. For example, I have seen finance departments maintain two versions of Adobe, both old and new, in order to support backwards compatibility with document forms. What these companies do not know is that an older, vulnerable, virtualized version of something like Adobe Reader is just as exploitable as a non-virtualized version.

How can I prevent it?

You can use some of the same techniques to prevent exploitation of virtualized applications as you would for regular applications, by employing things like endpoint security solutions and vulnerability management solutions that can identify virtualized application vulnerabilities. You need to be careful when selecting such solutions, as the vast majority of security solutions, particularly in the vulnerability management space, do not actually scan for virtualized application vulnerabilities. A virtualized application is typically self-contained in an executable, and since it is not installed like a regular application, the traditional approaches to application vulnerability assessment are simply blind to this risk. Ask your endpoint security and vulnerability management vendors whether they support the protection and assessment of virtualized applications in the same way they do non-virtualized ones, and then actually test this scenario in a lab to prove it.

Source: Marc Maiffret, CSO, Beyond Trust
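The blind spot described under "How can I prevent it?" can be checked in a lab with a file-based inventory compared against the installed-software list. The script below is an added example, not part of the original article or any vendor's tooling; the search roots, the `Adobe` name pattern (taken from the article's Adobe Reader scenario) and the premise that a packaged executable carries a version resource naming the product inside it are assumptions.

```powershell
# Added example: heuristic inventory of application copies that the
# installed-software list does not account for. Not vendor tooling.
# Assumption: the packaged executable's version resource names the product.
param(
    [string[]]$SearchRoots = @($env:USERPROFILE, $env:ProgramData),  # assumed package locations
    [string]$NamePattern   = 'Adobe'                                 # regex applied to ProductName
)

# 1. What a registry-driven scanner sees: products registered under the Uninstall keys.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion)

# 2. What is actually on disk: executables whose version resource matches the pattern.
$candidates = Get-ChildItem -Path $SearchRoots -Filter *.exe -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.VersionInfo.ProductName -match $NamePattern }

# 3. Report copies that no registered install explains.
$findings = foreach ($file in $candidates) {
    $name    = $file.VersionInfo.ProductName.Trim()
    $version = [string]$file.VersionInfo.ProductVersion

    # Registered products whose display name contains this product name.
    $sameName = @($installed | Where-Object {
        $_.DisplayName.IndexOf($name, [StringComparison]::OrdinalIgnoreCase) -ge 0
    })
    # Of those, entries whose version is a prefix match in either direction.
    $sameVersion = @($sameName | Where-Object {
        $_.DisplayVersion -and $version -and
        ($version.StartsWith([string]$_.DisplayVersion) -or
         ([string]$_.DisplayVersion).StartsWith($version))
    })
    if ($sameVersion.Count -gt 0) { continue }   # explained by a normal install

    [pscustomobject]@{
        Status         = if ($sameName.Count -eq 0) { 'NotRegistered' } else { 'VersionMismatch' }
        ProductName    = $name
        ProductVersion = $version
        Path           = $file.FullName
        SHA256         = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
    }
}
$findings | Sort-Object Status, ProductName | Format-Table -AutoSize -Wrap
```

Rows marked `VersionMismatch` are the case the article warns about: the registered install is one version while a different copy sits on disk. Compare the output with what your vulnerability scanner reports for the same lab machine.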
