Critical vulnerability discovered in VMware, says security firm


John-Paul Kamath

A vulnerability discovered in VMware's desktop virtualisation software could allow a hacker to gain complete access to the host system and create and modify executable files on the host operating system, according to security supplier Core Security Technologies.

The security firm said that thousands of companies with virtualized systems could unknowingly be exposing critical information.

It claimed that the vulnerability affects VMware Workstation, Player and ACE software, and that it is exploitable only when Shared Folders are enabled and at least one folder on the Host system is configured for sharing.

"This vulnerability provides an important wake-up call to security-concerned IT practitioners. It signals that virtualization is not immune to security flaws and that 'real' environments are not safe simply because they sit behind virtual environments," said Iván Arce, CTO.

CoreLabs said it discovered that a malicious user or software running on a Guest system within VMware's desktop software (VMware Player, Workstation and ACE) could break out of the isolated environment and gain full access to the Host computer system.

Organisations seeking to mitigate risk should disable shared folders in all installations of the vulnerable software. If the Shared Folders feature cannot be fully disabled, configuring it to allow read-only access to the Host folder may still provide limited mitigation, said CoreLabs.
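To apply that advice across many installations, the added example below (not from the article, Core Security or VMware) audits the text of a virtual machine's `.vmx` configuration file and reports every shared folder that is still active, separating writable shares from read-only ones. The `sharedFolder<N>.present`, `.enabled`, `.writeAccess` and `.hostPath` key names are assumptions about the `.vmx` layout and should be checked against the installed version; the sample configuration is constructed.

```python
import re

# Assumed .vmx layout (not from the article): sharedFolder<N>.<field> = "value"
_KEY = re.compile(r'^\s*sharedFolder(\d+)\.(\w+)\s*=\s*"(.*)"\s*$', re.IGNORECASE)


def _true(value):
    return value.strip().lower() == "true"


def audit_vmx(text):
    """Return one finding per shared folder that is still active in a .vmx file."""
    folders = {}
    for line in text.splitlines():
        m = _KEY.match(line)
        if m:
            idx, field, value = m.groups()
            folders.setdefault(int(idx), {})[field.lower()] = value
    findings = []
    for idx in sorted(folders):
        f = folders[idx]
        # Skip folders that are absent or explicitly disabled; a missing
        # "enabled" key is treated as enabled so gaps fail closed.
        if not _true(f.get("present", "false")) or not _true(f.get("enabled", "true")):
            continue
        # A missing writeAccess key is treated as writable for the same reason.
        writable = _true(f.get("writeaccess", "true"))
        findings.append({
            "index": idx,
            "host_path": f.get("hostpath", ""),
            "status": "WRITABLE" if writable else "READ_ONLY",
        })
    return findings


# Constructed sample configuration, for illustration only.
SAMPLE_VMX = '''
displayName = "build-vm"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.writeAccess = "TRUE"
sharedFolder0.hostPath = "/srv/exchange"
sharedFolder1.present = "TRUE"
sharedFolder1.enabled = "TRUE"
sharedFolder1.writeAccess = "FALSE"
sharedFolder1.hostPath = "/srv/docs"
sharedFolder2.present = "TRUE"
sharedFolder2.enabled = "FALSE"
'''
```

An empty result means no active shared folder was found in that file; a `READ_ONLY` finding corresponds to the limited mitigation CoreLabs describes, not to the feature being disabled.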




