VMware Communities
Kijen
Contributor
Contributor
‎05-24-2018 03:09 AM

VMware Tools vmwsu_v1_0.dll incompatible with Additional LSA Protection

Windows 10 has an optional feature that allows running lsass.exe as a protected process, to mitigate various credential theft attacks:

Configuring Additional LSA Protection | Microsoft Docs

When this feature is enabled, DLLs loaded into LSASS must be signed with the file signing service for LSA on the Windows Hardware Dev Center dashboard.

VMware Tools installs an LSA plugin called vmwsu_v1_0.dll which is not signed in the required manner and fails to load when RunAsPPL is enabled in Lsa's configuration. When a kernel debugger is attached to the guest, the following message appears:

******************************************************************

* This break indicates this binary is not signed correctly: \Device\HarddiskVolume4\Windows\System32\VMWSU_V1_0.DLL

* and does not meet the system policy.

* The binary was attempted to be loaded in the process: \Device\HarddiskVolume4\Windows\System32\lsass.exe

* This is not a failure in CI, but a problem with the failing binary.

* Please contact the binary owner for getting the binary correctly signed.

******************************************************************

This has been observed with the latest version of VMware Tools included in VMWare Workstation Pro 14.1.2 build-8497320.

0 Kudos
1 Reply
lemke
VMware Employee
VMware Employee
‎05-30-2018 10:05 AM

This should be fixed in an upcoming release oif VMware Tools.

Note that this should only impact functionaity if vSphere guest operations are being done in the VM using SAML token authentication.  These aren't supported in normal Workstation, but are possible in shared-mode Workstation.

0 Kudos