Gene_H
Enthusiast
Enthusiast

Advisory - Critical vulnerability in VMware’s desktop virtualization software

Critical vulnerability in VMware's desktop virtualization software

"Core Security Technologies issued an advisory disclosing a vulnerability that could severely impact organizations relying on VMware's desktop virtualization software.Core Security Technologies issued an advisory disclosing a vulnerability that could severely impact organizations relying on VMware's desktop virtualization software."

Tags (2)
0 Kudos
2 Replies
Gene_H
Enthusiast
Enthusiast

Here is the vmware response - affects only:

VMware Workstation 6.0.2 and earlier

VMware Workstation 5.5.4 and earlier

VMware Player 2.0.2 and earlier

VMware Player 1.0.4 and earlier

VMware ACE 2.0.2 and earlier

VMware ACE 1.0.2 and earlier

0 Kudos
Texiwill
Leadership
Leadership

Hello,

The vulnerability affects only those systems that have the vmhgfs driver in use. If you disable vmhgfs within the isolation tools of the VM the problem does not exist. And for those systems where vmhgfs can not be used (ESX), there is no vulnerability.


Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education. As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

--
Edward L. Haletky
vExpert XIV: 2009-2022,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
0 Kudos