VMware Patches Many Security Issues To Fix Certain Vulnerabilities

July 9, 2020

Written by wukovits

vmware patches many security issues to fix certain vulnerabilitiesDoes your company make use of VMware products? If so, be advised that a pair of researchers from Synacktiv recently reported a series of critical security flaws in VMware’s ESXi, Workstation and Fusion products.

The recent discovery prompted the company to issue an emergency security patch to address those issues.

The most serious of the bunch, which earned a 9.3 CVSSv3 severity score, is being tracked as CVE-2020-3962. It is a flaw in the SVGA device that could allow an attacker with local access to the machine to execute arbitrary code on the hypervisor from a virtual machine.

In addition to that, the latest patch also addresses the following security vulnerabilities:

  • CVE-2020-3963
  • CVE-2020-3964
  • CVE-2020-3965
  • CVE-2020-3966
  • CVE-2020-3967
  • CVE-2020-3968
  • CVE-2020-3969
  • CVE-2020-3970
  • CVE-2020-3971

These issues range in severity from 4.0 to 8.1 and all are related to different ways that a local attacker with access to a virtual machine could execute arbitrary code, trigger a DoS condition, or read privileged information on the compromised devices.

To block attacks exploiting all of the vulnerabilities listed above, VMware recommends immediately upgrading to version 15.5.5 (VMware Fusion (Pro), while VMware ESXI customers should upgrade to ESXi_7.0.0-1.20.16321839, ESXi670-202004101-SG, or ESXi650-202005401-SG.

Kudos to Synacktiv researchers Bruno Pujos and Corentin Bayet for their diligent research, and to the management team at VMware for making the patches addressing these issues available with all speed.

This, of course, will not be the last time researchers uncover serious security flaws in software. However, this example is a textbook case of deft handling by the companies involved.

If you use VMware products, be sure to check to see what version you’re running, and if need be, upgrade to the latest right away. Since all of the potential attacks here require local access to exploit, the risk is low, but there’s no advantage to having any unnecessary exposure.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

Key Considerations for Effective Cybersecurity Implementation

Consider this: In the realm of cybersecurity, things often get tangled in the web of "you should do it anyway" arguments. Yet, for busy business owners bombarded with daily "must-dos," deciphering the essentials from the fluff can feel like a cyber maze. We aim to...

Unlocking Small Business Success: The Impact of AI in a Digital Era

In the rapidly evolving business landscape, staying competitive necessitates embracing technological advancements. Artificial Intelligence (AI), once perceived as a luxury for larger enterprises, is now accessible to small businesses, offering new opportunities for...