Attention, VMware users: New updates are now available to address critical security vulnerabilities in the following products: Fusion, Workstation Pro, ESXi and vCenter Server.
ESXi, Workstation and Fusion have an out-of-bounds write vulnerability in a Super Video Graphics Array (SVGA) device. This vulnerability would give guests the ability to execute code on the host.
The issue, which is being marked as “critical,” has been labeled CVE-2017-4924. It affects the following versions of VMware:
- ESXi v. 6.5 (but not 6.0 or 5.5)
- Workstation 12.x
- Fusion 8.x
A NULL pointer dereference vulnerability has also been discovered that can be exploited when handling guest RPC requests. This could enable hackers with normal user privileges to take down virtual systems.
What's more, a moderately severe bug has also been reported in the following versions of VMware:
- ESXi v. 6.0 and 6.5
- Workstation 12.x
- Fusion 8.x
Users are now strongly encouraged to take immediate action and patch the above-mentioned systems. No workarounds are available.
For access to VMware’s patches and release notes, click here.
Regarding the vCenter security bug, this vulnerability could enable hackers with VC user privileges to inject harmful JavaScript by exploiting a stored cross-site scripting bug in the HTML5 Client. This affects v. 6.5 of vCenter Server. This vulnerability can be addressed by upgrading to v. 6.5 U1.
Apex Technology Services is a managed services provider (MSP) offering rapid-response troubleshooting and cybersecurity assistance to organizations in Greater New York City, Connecticut and beyond. Apex can work closely with your team to discover and address these types of vulnerabilities, ensuring that your organization is prepared to handle incoming threats.
A new breed of hacktrepreneurs has awoken, and they have little to fear and everything to gain by infecting as many companies as possible and extorting money from them. Apex Technology Services stands ready to protect your company regardless of whether it’s located in New York City; White Plains, New York; Connecticut; Australia; Europe; or anywhere else. Our full suite of cybersecurity and IT support services is at your disposal, enabling you to spend less time worrying and more time growing your business.
To ensure your security, consider one of our most popular services — Auditing & Documentation — which pinpoints vulnerabilities in your infrastructure, process flow and internal security procedures.