Since we have been talking about virtualization in our industry, there are a couple of VMware security news items that are notable. I plan to discuss the security issues in depth in a future post but didn’t want to wait to cover these stories.

The first is a critical security alert for some VMware products running on Windows. If the shared folder feature is enabled, it is vulnerable to an “escape” attack – meaning if the guest system is compromised, the underlying host system can be as well. This vulnerability does not affect the VMware server or ESX products. All the details and workarounds are found here:

Critical VMware Security Alert for Windows-Hosted VMware Workstation, VMware Player, and VMware ACE

The second story is better news. VMware is partnering with several major security players on an effort known as VMsafe, which apparently aims to improve security of its products. The partners are big names – CheckPoint, McAfee, Symantec, etc… so this should be interesting. More details will be revealed at the VMworld conference that starts tomorrow in France.