VMware Product Updates Fix Several Security Bugs - InformationWeek
Software // Information Management
05:35 PM
Building Security for the IoT
Nov 09, 2017
In this webcast, experts discuss the most effective approaches to securing Internet-enabled system ...Read More>>

VMware Product Updates Fix Several Security Bugs

The vulnerabilities could allow remote access, elevated privileges, and denial-of-service conditions.

VMware released critical updates to several products Thursday, primarily to fix several security vulnerabilities.

The virtualization software provider issued the updates to deal with vulnerabilities that could enable an attacker to overwrite arbitrary files, gain elevated privileges, cause a denial-of-service condition, or execute arbitrary code on an affected system, according to an advisory from the U.S.-CERT.

Affected products include VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player, the security organization noted. U.S.-CERT is recommending that users upgrade to mitigate the security risk.

A VMware advisory noted that updated versions of all supported hosted products and all ESX 2x products and patches for ESX 30x address critical security updates were available for download.

The company also noted that one fix deals with a security vulnerability that could allow a guest operating system user with administrative privileges to cause memory corruption in a host process, and potentially execute arbitrary code on the host. Another fix addresses a denial-of-service vulnerability that could allow a guest operating system to cause a host process to become unresponsive or crash. VMware gave credit to Rafal Wojtczvk, a McAfee researcher, for identifying and reporting the bugs.

Another update addresses several vulnerabilities in the DHCP server that could enable specially crafted packets to gain system-level privileges. The DHCP server listens for client requests and processes them. VMware gave credit to Neel Mehta and Ryan Smith from IBM's Internet Security Systems X-Force for discovering and researching the flaw.

An additional update, according to the advisory, addresses a security vulnerability that could allow a remote hacker to exploit the library file IntraProcessLogging.dll to overwrite files in a system. It also fixes a similar bug in the library file vielib.dll. The company credits the Goodfellas Security Research Team for discovering and researching the flaws.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll