VMware Virtualization Flaws Patched – June 18

Last week, US-CERT found flaw in VMware: SYSRET 64-bit operating system privilege escalation vulnerability on Intel CPU hardware

To patch the vulnerabilities, VMware released the updates for several versions:

  • VMware Workstation 8.0.4 and later
  • Player 4.0.4 and later
  • Fusion 4.x (but not the Mac version)
  • All versions of ESXi and ESX

The main flaws were:

  • Input data not validated correctly with Checkpoint files. Which means a specifically crafted Checkpoint file can exploit the virtualization environment.
  • Traffic from remote virtual devices not being intercepted correctly. An attacker can manipulate the traffic, and crash the VM.

It is recommended to immediately patch your environment:  updates

Tags: , , , , ,

About Dr Jay

%d bloggers like this: