VMware Virtualization Flaws Patched – June 18
Last week, US-CERT found flaw in VMware: SYSRET 64-bit operating system privilege escalation vulnerability on Intel CPU hardware
To patch the vulnerabilities, VMware released the updates for several versions:
- VMware Workstation 8.0.4 and later
- Player 4.0.4 and later
- Fusion 4.x (but not the Mac version)
- All versions of ESXi and ESX
The main flaws were:
- Input data not validated correctly with Checkpoint files. Which means a specifically crafted Checkpoint file can exploit the virtualization environment.
- Traffic from remote virtual devices not being intercepted correctly. An attacker can manipulate the traffic, and crash the VM.
It is recommended to immediately patch your environment: updates
- Ring3 Attackers: 64-bit Privilege Escalation Vulnerability on Intel CPU Hardware (secureconnexion.wordpress.com)