Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: Critical VMware vulnerabilities disclosed SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Critical VMware vulnerabilities disclosed

VMware released a security bulletin[1] with moderate to critical vulnerabilities. The following products are affected:

  • ESXi
  • Workstation
  • Fusion 

The vulnerabilities may allow a guest to execute code on the host, may lead to a DDoS or information leakage (depending on the product and version). Patches are available.

[1] https://www.vmware.com/security/advisories/VMSA-2017-0006.html

Xavier Mertens (@xme)
ISC Handler - Freelance Security Consultant
PGP Key

Xme

501 Posts
ISC Handler
VMware blog article at https://blogs.vmware.com/security/2017/03/security-landscape-pwn2own-2017.html.
In VMware words, "At this point VMware’s recommendation is that customers expedite updating, though need not take emergency measures like taking environments offline."
Anonymous

Sign Up for Free or Log In to start participating in the conversation!