Just wanted to give everyone the heads up that Microsoft Security Bulletin MS07-049 was release for Virtual PC and Virtual Server.  The vulnerability is a elevation of privilege that could allow a guest operating system user to run code on the host.

This vulnerability does not affect the latest editions of Microsoft Virtual PC 2007 or Microsoft Virtual Server 2005 R2 Service Pack 1. (see the section Non-Affected Software in MS07-049)

A snippet of the Heap Overflow Vulnerability is below:

An elevation of privilege vulnerability exists in Microsoft Virtual PC and Microsoft Virtual Server that could allow a user with administrator permissions to the guest operating system to run code on the host operating system or other guest operating systems. An attacker with administrator permissions to the guest operating system, could exploit the vulnerability by running specially crafted code on the guest operating system. This could result in a heap overflow on the host or other guest operating systems. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2007-0948.