For those of you that haven't been paying attention (or don't run VMware and don't care all that much)... this has been a big week for VMware.
First, we saw the release of patches for ESX Server. The patched vulnerabilities were in the Python PCRE module, the aacraid driver and Samba. The effects of these ranged from DoS to local privilege escalation to remote buffer overflow. To me this identifies the reason why building a "hypervisor" out of Linux is flawed... Hopefully as ESX 3i becomes more popular, we'll see many of these "generic" vulnerabilities disappear.

Today the virtualization issue just got worse, as Core Technologies announced that it was possible to break out of VMware Shared Folders on VMware Workstation, Player and ACE. While Shared Folders are disabled by default, a lot of downloadable VMs have them enabled, as do many VMs that people build, due to the usefulness of shared folders. If malware researchers forget they have shared folders enabled, malware could do some nasty things.

I'm really starting to wonder how fully vetted the concept of virtualization is. I know it's been around for some time, and existed quite a while ago in the context of mainframes... but VMware, Virtual Server/PC and Parallels don't seem to be doing much to improve the security of their products. As I said, 3i may be an improvement, but in that case only time will tell.