{"id":12441,"date":"2018-09-12T02:12:39","date_gmt":"2018-09-12T02:12:39","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\/"},"modified":"2018-09-12T02:12:39","modified_gmt":"2018-09-12T02:12:39","slug":"its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\/","title":{"rendered":"It&#8217;s September 2018, and Windows VMs can pwn their host servers by launching an evil app"},"content":{"rendered":"<p>Admins will again be working overtime as Microsoft and Adobe have posted their monthly scheduled security updates for September.<\/p>\n<p>This month&#8217;s Patch Tuesday bundle includes critical fixes for Windows, SQL Server, and Hyper V, as well as Flash and Cold Fusion.<\/p>\n<h3 class=\"crosshead\"><span>Rude guests and ugly images menace Microsoft<\/span><\/h3>\n<p>In total, Microsoft addressed 61 CVE-listed vulnerabilities this month, including 23 that would potentially allow for remote code execution.<\/p>\n<p>One of the more noteworthy of those bugs is <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2018-8475\">CVE-2018-8475<\/a>, a remote code flaw that can be triggered simply by viewing an image file in Windows. While no exploits are out, Microsoft warns that details on the vulnerability are already public.<\/p>\n<p>&#8220;Open the wrong image \u2013 even through a web browser \u2013 and code executes, making this a browse-and-own scenario,&#8221; <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.zerodayinitiative.com\/blog\/2018\/9\/11\/the-september-2018-security-update-review\">explains<\/a> Dustin Childs of Trend Micro&#8217;s Zero Day initiative.<\/p>\n<p>&#8220;Microsoft provides no information on where this is public, but given the severity of the issue and the relative ease of exploitation, expect this one to find its way into exploit kits quickly.&#8221;<\/p>\n<p>Also raising eyebrows was <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2018-0965\">CVE-2018-0965<\/a>, a bug in Hyper-V that would let a virtual machine instance achieve remote code execution on the host server simply by running a specially-crafted application within a VM.<\/p>\n<p>Admins will want to prioritize the patch for <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2018-8440\">CVE-2018-8440<\/a>, an elevation of privilege flaw that is being actively targeted in the wild. The vulnerability can be traced to a flaw in the handling of the Windows Advanced Local Procedure Call (ALPC).<\/p>\n<p>&#8220;An ALPC is an internal mechanism normally restricted to Windows operating system components. A lack of permissions checking in the Spooler process allows the elevation,&#8221; Childs explained.<\/p>\n<p>&#8220;This bug should be on the top of everyone\u2019s deployment list.&#8221;<\/p>\n<div class=\"promo_article\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2017\/07\/20\/phishing_shutterstock.jpg?x=174&amp;y=115&amp;crop=1\" width=\"174\" height=\"115\" alt=\"phishing\"\/><\/p>\n<h2 title=\"Egghead says Apple has yet to patch spoofing vulnerability\">Safari, Edge fans: Is that really the website you think you&#8217;re visiting? URL spoof bug blabbed<\/h2>\n<p><a href=\"https:\/\/www.theregister.co.uk\/2018\/09\/11\/safari_edge_spoofing\/\"><span>READ MORE<\/span><\/a><\/div>\n<p>As per usual, most of the other remote code bugs are in the Edge and IE browsers as well as their respective scripting engines. The two browsers were the recipients of 11 of the 23 remote code fixes, include one (<a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2018-8440\">CVE-2018-8440<\/a>) that has already been made public.<\/p>\n<p>Office also received a number of fixes, including for remote code execution bugs in Word (<a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2018-8430\">CVE-2018-8430<\/a>), Excel (<a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2018-8331\">CVE-2018-8331<\/a>), as well as a cross-site-scripting bug in SharePoint <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2018-8426\">CVE-2018-8426<\/a> and a security feature bypass in Lync for Mac 2011 (<a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2018-8457\">CVE-2018-8457<\/a>).<\/p>\n<p>Azure, meanwhile, received a fix for a server spoofing flaw (<a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2018-8479\">CVE-2018-8479<\/a>) and the .NET framework had one remote code execution flaw (<a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2018-8421\">CVE-2018-8421<\/a>) addressed.<\/p>\n<p><a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2018-8421\">CVE-2018-8421<\/a> is a bug in Device Guard that puts PCs in danger by allowing attackers to forge file signatures.<\/p>\n<p>&#8220;Because Device Guard relies on the signature to determine the file is non-malicious, Device Guard could then allow a malicious file to execute,&#8221; Microsoft explained.<\/p>\n<h3 class=\"crosshead\"><span>Meanwhile, over at Adobe\u2026<\/span><\/h3>\n<p>This month wasn&#8217;t so bad for Flash, as the internet&#8217;s broken screen door <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/helpx.adobe.com\/security\/products\/flash-player\/apsb18-31.html\">only needed<\/a> a single CVE-listed bug patched. Dubbed CVE-2018-15967, the flaw could allow for information disclosure, a refreshing change from the usual parade of remote code execution bugs Adobe delivered in previous months.<\/p>\n<p>Adobe&#8217;s only other patch of the day was for ColdFusion. The web app developer suite saw <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/helpx.adobe.com\/security\/products\/coldfusion\/apsb18-33.html\">an update<\/a> for nine CVE-listed flaws, five of which could potentially allow remote code execution. \u00ae<\/p>\n<p class=\"wptl btm\"><span>Sponsored:<\/span> <a href=\"https:\/\/go.theregister.co.uk\/tl\/1787\/-6625\/following-bottomlines-journey-to-the-hybrid-cloud?td=wptl1787\">Following Bottomline\u2019s journey to the Hybrid Cloud<\/a><\/p>\n<p>READ MORE <a href=\"http:\/\/go.theregister.com\/feed\/www.theregister.co.uk\/2018\/09\/11\/patch_tuesday_september\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Too smart? There&#8217;s also an old-fashioned image file RCE Admins will again be working overtime as Microsoft and Adobe have posted their monthly scheduled security updates for September.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":12442,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-12441","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>It&#039;s September 2018, and Windows VMs can pwn their host servers by launching an evil app 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"It&#039;s September 2018, and Windows VMs can pwn their host servers by launching an evil app 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-09-12T02:12:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/09\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"174\" \/>\n\t<meta property=\"og:image:height\" content=\"115\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"It&#8217;s September 2018, and Windows VMs can pwn their host servers by launching an evil app\",\"datePublished\":\"2018-09-12T02:12:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\\\/\"},\"wordCount\":572,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/09\\\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app.jpg\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\\\/\",\"name\":\"It's September 2018, and Windows VMs can pwn their host servers by launching an evil app 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/09\\\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app.jpg\",\"datePublished\":\"2018-09-12T02:12:39+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/09\\\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/09\\\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app.jpg\",\"width\":174,\"height\":115},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"It&#8217;s September 2018, and Windows VMs can pwn their host servers by launching an evil app\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"It's September 2018, and Windows VMs can pwn their host servers by launching an evil app 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\/","og_locale":"en_US","og_type":"article","og_title":"It's September 2018, and Windows VMs can pwn their host servers by launching an evil app 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-09-12T02:12:39+00:00","og_image":[{"width":174,"height":115,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/09\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"It&#8217;s September 2018, and Windows VMs can pwn their host servers by launching an evil app","datePublished":"2018-09-12T02:12:39+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\/"},"wordCount":572,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/09\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app.jpg","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\/","url":"https:\/\/www.threatshub.org\/blog\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\/","name":"It's September 2018, and Windows VMs can pwn their host servers by launching an evil app 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/09\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app.jpg","datePublished":"2018-09-12T02:12:39+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/09\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/09\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app.jpg","width":174,"height":115},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/its-september-2018-and-windows-vms-can-pwn-their-host-servers-by-launching-an-evil-app\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"It&#8217;s September 2018, and Windows VMs can pwn their host servers by launching an evil app"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/12441","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=12441"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/12441\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/12442"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=12441"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=12441"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=12441"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}