I was looking at some of the latest security updates from Microsoft and I came across this one:
MS07-049: Vulnerability in Virtual PC and Virtual Server that could allow privilege elevation
Here is an excerpt of the KB article (Emphasis is mine):
This important security update resolves one privately reported vulnerability. This is an elevation of privilege vulnerability. The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating systems. Only guest operating system users who are granted administrative permissions to the guest operating system would be able to exploit this vulnerability. Guest operating system users not granted administrative permissions to the guest operating system would be unable to exploit this vulnerability.
Yikes! This means that it is possible my main machine could get infected, or attacked while running suspect code inside a VM. Fortunately this flaw only affects Virtual PC 2005 and earlier (2005 R2, and 2007 are not affected).
Still this is a scary issue for me since I use VMWare all the time to test out software I don’t trust. I am not aware of any similar problems with VMWare, but time will only tell if a creative programmer will find a flaw there too.