VMware has released security patches for ESX, Workstation, Fusion and View to address a privilege escalation vulnerability. The security hole exists in the VMCI.SYS driver and it can be leveraged by cybercriminals against Windows-based hosts and Windows-based Guest operating systems.
A local attacker can exploit the vulnerability to manipulate memory allocation via the Virtual Machine Communication Interface (VMCI) code.
The affected products include Workstation 9.0 and Workstation 8.x prior to version 8.0.5, Fusion 5.x prior to version 5.0.2 and Fusion 4.x prior to version 4.1.4, and View 5.x prior to version 5.1.2 and View 4.x prior to version 4.6.2.
Users are advised to apply the patches as soon as possible to avoid any unfortunate incidents.
Derek Soeder of Cylance, Inc. and Kostya Kortchinsky of Microsoft have been credited for identifying the vulnerability.