Patch now: VMware Tools for Windows root holes fixed in update

8 January 2016
Comments Comments Off on Patch now: VMware Tools for Windows root holes fixed in update
Category News and Media
8 January 2016, Comments Comments Off on Patch now: VMware Tools for Windows root holes fixed in update

Patch now: VMware Tools for Windows root holes fixed in update

medic

VMware sysadmins, get patching: the virtualisation outfit has released updates to its ESXi, Fusion, Player and Workstation software to block out a privilege-escalation vulnerability.

The patch applies to VMware Windows Workstation versions before 11.1.2, Player and Fusion versions prior to 7.1.2, and various ESXi versions depending on their patch level:

  • VMware ESXi 6.0 without patch ESXi600-201512102-SG
  • VMware ESXi 5.5 without patch ESXi550-201512102-SG
  • VMware ESXi 5.1 without patch ESXi510-201510102-SG
  • VMware ESXi 5.0 without patch ESXi500-201510102-SG

CVE-2015-6933 is a kernel memory corruption vulnerability in the tools’ Shared Folders feature that can be exploited by software to escalate its privileges within a guest. VMware notes that the programming blunder cannot be exploited to escape from a guest to a host.

It was picked up by Secunia’s Dmitry Janushkevich, and the CVE (common vulnerabilities and exposures) database entry was reserved in September 2015.

If you can’t run the patches right away, disabling the Shared Folders feature (HGFS) removes the exploitation possibility.

The full announcement with individual product update links is here. ®

[Source: The Register]

What next?

To find out more about how our Virtualisation Service could help keep your Virtual Machine environment secure and running smoothly, please contact us today or call 01793 295000 to speak to a member of our team.

Comments are closed.

Bitnami