VMware Addresses VMCI Privilege Escalation Flaw in ESX, Workstation, Fusion and View

Customers are advised to apply the updates as soon as possible

February 12th, 2013 08:25 GMT

VMware has released security patches for ESX, Workstation, Fusion and View to address a privilege escalation vulnerability. The security hole exists in the VMCI.SYS driver, and cybercriminals can leverage it against Windows-based hosts and Windows-based guest operating systems.

A local attacker can exploit the vulnerability to manipulate memory allocation via the Virtual Machine Communication Interface (VMCI) code.

The affected products include Workstation 9.0 and Workstation 8.x prior to version 8.0.5; Fusion 5.x prior to version 5.0.2 and Fusion 4.x prior to version 4.1.4; and View 5.x prior to version 5.1.2 and View 4.x prior to version 4.6.2.

Users are advised to apply the patches as soon as possible to avoid any unfortunate incidents.

Derek Soeder of Cylance, Inc. and Kostya Kortchinsky of Microsoft have been credited with identifying the vulnerability.
