Last week, US-CERT found a flaw in VMware: a SYSRET 64-bit operating system privilege escalation vulnerability on Intel CPU hardware.
To patch the vulnerabilities, VMware released updates for several versions:
- VMware Workstation 8.0.4 and later
- Player 4.0.4 and later
- Fusion 4.x (but not the Mac version)
- All versions of ESXi and ESX
The main flaws were:
- Input data from Checkpoint files is not validated correctly, which means a specially crafted Checkpoint file can exploit the virtualization environment.
- Traffic from remote virtual devices is not intercepted correctly. An attacker can manipulate the traffic and crash the VM.
It is recommended to patch your environment immediately with the updates.
- Ring3 Attackers: 64-bit Privilege Escalation Vulnerability on Intel CPU Hardware (secureconnexion.wordpress.com)
Some 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack. The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape.
A ring3 attacker may be able to specially craft a stack frame to be executed by ring0 (kernel) after a general protection exception (#GP). The fault will be handled before the stack switch, which means the exception handler will run at ring0 with an attacker-chosen RSP, causing a privilege escalation.
Find out more about this story at US-CERT: www.kb.cert.org/vuls/id/649219
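Operating-system fixes for this behaviour check the saved user return address before executing SYSRET and fall back to IRET when the address is non-canonical, since that is the condition under which Intel CPUs raise the #GP while still in ring0. The sketch below is an added example of that check, not code from VMware, US-CERT or any kernel; the helper names, the 48-bit address width and the sample addresses are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: 48-bit virtual addresses (4-level paging). */
#define VADDR_BITS 48

typedef enum { RETURN_VIA_SYSRET, RETURN_VIA_IRET } return_path_t;

/* An address is canonical when bits 63..47 are all copies of bit 47. */
static bool is_canonical(uint64_t addr)
{
    uint64_t upper = addr >> (VADDR_BITS - 1);  /* the 17 bits 63..47 */
    return upper == 0 || upper == 0x1FFFF;
}

/*
 * Hypothetical helper modelling the decision a patched kernel makes just
 * before returning to ring3: SYSRET is only used when the saved user RIP
 * is canonical. Otherwise the slower IRET path is taken, which faults
 * only after the switch back to ring3, so the fault is delivered on a
 * kernel-chosen stack instead of the user-supplied RSP.
 */
static return_path_t choose_return_path(uint64_t saved_user_rip)
{
    return is_canonical(saved_user_rip) ? RETURN_VIA_SYSRET : RETURN_VIA_IRET;
}

int main(void)
{
    /* Constructed sample return addresses, not taken from any real trace. */
    const uint64_t samples[] = {
        0x0000000000401000ULL,  /* ordinary user-space address */
        0x00007FFFFFFFFFFFULL,  /* last canonical lower-half address */
        0x0000800000000000ULL,  /* first non-canonical address */
        0xFFFF800000000000ULL,  /* first canonical upper-half address */
    };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("%#018llx -> %s\n", (unsigned long long)samples[i],
               choose_return_path(samples[i]) == RETURN_VIA_SYSRET
                   ? "SYSRET" : "IRET");
    }
    return 0;
}
```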