VMware Fixes Privilege Escalation Vulnerability

Virtualization software maker VMware issued an update last Thursday resolving a virtual machine communication interface (VMCI) vulnerability in its ESX Server, Workstation, Fusion and View products that could lead to a privilege escalation if unpatched.

According to the VMware security advisory, a local attacker could potentially exploit a control code handling vulnerability in vmci.sys in order to tamper with memory allocation in the VMCI code and eventually obtain elevated privileges on Windows-based hosts and guest operating systems.

The vulnerability affects systems running Workstation 9.0 as well as versions prior to 8.0.5; Fusion 5.x prior to version 5.0.2 and 4.x prior to version 4.1.4; View 5.x prior to version 5.1.2 and 4.x prior to version 4.6.2; ESXi 5.1 without ESXi510-201212102-SG, 5.0 without ESXi500-201212102-SG, 4.1 without ESXi410-201211402-BG, and 4.0 without ESXi400-201302402-SG; and ESX 4.1 without ESX410-201211401-SG and 4.0 without ESX400-201302401-SG.

VMware users should read the patch release details and update their systems accordingly, the company said.

VMware credits Cylance Inc.’s Derek Soeder and Microsoft’s Kostya Kortchinsky with independently reporting the bug.

Commenting on this Article will be automatically closed on May 11, 2013.



