In the second half of last week VMware released security updates for the following products:
- VMware ESXi 6.0 without patch ESXi600-201512102-SG
- VMware ESXi 5.5 without patch ESXi550-201512102-SG
- VMware ESXi 5.1 without patch ESXi510-201510102-SG
- VMware ESXi 5.0 without patch ESXi500-201510102-SG
- VMware Workstation prior to 11.1.2
- VMware Player prior to 7.1.2
- VMware Fusion prior to 7.1.2
These updates address elevation of privilege (the concept is defined here) security issue which has been assigned 1x CVE number, (defined). This vulnerability was responsibly disclosed (defined) by Dmitry Janushkevich from the Secunia Research Team to VMware.
Why Should This Issue Be Considered Important?
Since multiple VMware products have this vulnerability which could allow an attacker to escalate their level of privilege/access within the guest operating system (namely one or more of your virtual machines) this issue should be patched as soon as possible. The issue is due to memory corruption vulnerability within the kernel (defined) of the VMware Tools “Shared Folders” HGFS feature.
How Can I Protect Myself From This Issue?
VMware have released updates to resolve this issue within the affected products. Please refer to VMware’s security advisory to download the necessary updates.