Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Critical VMware vulnerabilities disclosed SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Critical VMware vulnerabilities disclosed

VMware released a security bulletin[1] with moderate to critical vulnerabilities. The following products are affected:

  • ESXi
  • Workstation
  • Fusion 

The vulnerabilities may allow a guest to execute code on the host, may lead to a DDoS or information leakage (depending on the product and version). Patches are available.

[1] https://www.vmware.com/security/advisories/VMSA-2017-0006.html

Xavier Mertens (@xme)
ISC Handler - Freelance Security Consultant
PGP Key

I will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - SANS Amsterdam August 2020 Part 2

Xme

536 Posts
ISC Handler
Mar 29th 2017
VMware blog article at https://blogs.vmware.com/security/2017/03/security-landscape-pwn2own-2017.html.
In VMware words, "At this point VMware’s recommendation is that customers expedite updating, though need not take emergency measures like taking environments offline."
Anonymous

Sign Up for Free or Log In to start participating in the conversation!