STE WILLIAMS

‘Let anyone be administrator’ bug in VMware snapped shut


Party’s over, back to being a normal Windows user for you


VMware has published a security update for its virtualisation software including its ESX, Workstation, Fusion and View products.

A range of applications made by the EMC-owned vendor should therefore be patched to squash a privilege-escalation vulnerability in the VMCI.SYS driver. The flaw affects host machines running Microsoft Windows and guests running the Redmond operating system.

A malicious local user can, thanks to the bug, manipulate and exploit memory allocations using the Virtual Machine Communication Interface (VMCI). As a consequence an attacker can carry out actions that would normally be restricted to a system administrator, such as configuring the host environment or manipulating guest systems on the machine.

VMware’s security advisory covers the issue in more depth. The virtualisation firm credits Derek Soeder of Cylance and Kostya Kortchinsky of Microsoft for independently reporting the security bug. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/02/11/vmware_update/
