Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: Patches for critical VMWare vulnerability - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Patches for critical VMWare vulnerability

Our friends at VMWare have made the ISC aware of new patches for both VMWare Hosted products, and for ESX which relates to the ability to execute on the host server from a guest operating system. 

The following releases have generally available patches:


  • VMware Workstation 6.5.1 and earlier
  • VMware Player 2.5.1 and earlier
  • VMware ACE 2.5.1 and earlier
  • VMware Server 2.0
  • VMware Server 1.0.8 and earlier
  • VMware Fusion 2.0.3 and earlier,
  • VMware ESXi 3.5 without patch ESXe350-200904201-O-SG 
  • VMware ESX 3.5 without patch ESX350-200904201-SG
  • VMware ESX 3.0.3 without patch ESX303-200904403-SG,
  • VMware ESX 3.0.2 without patch ESX-1008421.

Depending on your version, your only option may be to upgrade rather than patch.

Steve Hall

ISC Handler




89 Posts
Apr 10th 2009

Sign Up for Free or Log In to start participating in the conversation!