Noticed over at Securabit some information on how Microsoft virtualization of Windows XP may re-introduce some previously-thought mitigated vulnerabilities. This includes XP Mode in Windows 7. Historically, some vulnerabilities in XP have been reduced in importance due to other protections such as DEP, SafeSEH, and ASLR. But during some virtualization scenarios, memory outside the normal protected boundaries could still be attacked. In essence, this means in certain situations, an attacker could leverage vulnerabilities and bypass those protections. I’m grossly simplifying this description, so follow the link trail from Securabit to get the details.
Is this a Big Deal? I don’t think so, but it certainly is worth the press/time and is very interesting in concept.
The bottomline for Windows 7 XP Mode is it shouldn’t be relied upon or used terribly extensively. If you need it so an app will work, use it only for that app. Also, this does not mean you can break into the host by popping the guest XP system; this is still just an XP guest issue.