To exploit this vulnerability, an attacker requires local access to an affected system and a virtual host, or must be able to log in locally to a virtual host using remote access such as Remote Desktop or Terminal Services. The attacker will likely require either physical access to a vulnerable system or access to trusted network segments. These requirements limit the potential source of attacks.
An exploit within a virtual operating system is unlikely to allow the attacker to affect the host operating system. Any impact will be limited to the individual virtual host. However, depending on the functions of the virtual host, a compromise could affect critical operations or expose sensitive information.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities that Microsoft disclosed in the July 2009 security bulletin release. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin for July 2009
The update available from Microsoft corrects this vulnerability by properly determining privilege levels within the virtual host.