Microsoft

A bug in Microsoft's software gives hackers a way to exploit virtual Windows machines which would be attack-proof if they were running on real hardware, a researcher said today.

The flaw is in some of Microsoft's virtualization software, including Windows XP Mode, the free add-on for Windows 7 that lets users of the newer OS run older applications in a virtual machine.

Core Security went public with information about the flaw yesterday, seven months after reporting the problem, because Microsoft declined to patch it. "They don't believe this requires a patch," Ivan Arce, CTO of Core Security, said in an interview today. "They said that they would address it with an update or in a service pack some time in the future. We believe this needs to be fixed sooner."

Microsoft confirmed today that a security update for its Excel spreadsheet had turned English text in an important Windows tool into Chinese.

Microsoft has warned Windows users to be on their guard against a piece of rogue antivirus software passing itself off as Microsoft Security Essentials. Security essentials 2010 is a piece of software Microsoft said installs a fake virus scanner on your machine and]monitors and blocks processes it doesn't like. The software will also block access to websites of antivirus and malware companies and flag up a warning message. You can see the list of blocked sites here.

Security essentials 2010 blocks access by downloading a Win32/Alureon component and another Layered Service Provider component, Microsoft's David Wood wrote on the company's Malware Protection Center blog. "This LSP monitors the TCP traffic sent by various Web browsers that the user might have installed, and blocks any traffic to certain domains," Wood said.