Critical vulnerability discovered in VMware, says security firm



John-Paul Kamath

A vulnerability discovered in VMware's desktop virtualisation software could allow a hacker to gain complete access to the host system and create and modify executable files on the host operating system, according to security supplier Core Security Technologies.

The security firm said that thousands of companies with virtualized systems could unknowingly be exposing critical information.

It claimed that the vulnerability affects VMware Workstation, Player and ACE software and it is only exploitable when Shared Folders are enabled and at least one folder on the Host system is configured for sharing.

"This vulnerability provides an important wake-up call to security-concerned IT practitioners. It signals that virtualization is not immune to security flaws and that 'real' environments are not safe simply because they sit behind virtual environments," said Iván Arce, CTO.

CoreLabs said it discovered that a malicious user or software running on a Guest system within VMware's desktop software (VMware Player, Workstation and ACE) could break out of the isolated environment and gain full access to the Host computer system.

Organisations seeking to mitigate risk should disable shared folders in all installations of the vulnerable software. If the Shared Folders feature cannot be fully disabled, configuring it to allow read-only access to the Host folder may still provide limited mitigation, said CoreLabs.
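
One way to check installations against that advice is to read each virtual machine's `.vmx` configuration file and list the shared folders it enables. The script below is an added example, not code from Core Security or VMware; it assumes the `sharedFolderN.*` keys used in VMware desktop `.vmx` files, and the sample configuration is constructed for illustration.

```python
import re

# Constructed sample .vmx content for illustration (not from the article).
SAMPLE_VMX = """\
displayName = "build-guest"
sharedFolder.maxNum = "2"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.writeAccess = "TRUE"
sharedFolder0.hostPath = "/home/dev/src"
sharedFolder1.present = "TRUE"
sharedFolder1.enabled = "TRUE"
sharedFolder1.writeAccess = "FALSE"
sharedFolder1.hostPath = "/opt/tools"
"""

# .vmx lines have the form: key = "value"
_LINE = re.compile(r'^\s*([\w.:\-]+)\s*=\s*"(.*)"\s*$')
_FOLDER_KEY = re.compile(r"^sharedfolder(\d+)\.")

def parse_vmx(text):
    """Return a dict of lower-cased keys to values; unparseable lines are skipped."""
    cfg = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def _is_true(cfg, key):
    return cfg.get(key, "").strip().lower() == "true"

def audit_shared_folders(text):
    """List (index, host_path, access) for every enabled shared folder."""
    cfg = parse_vmx(text)
    indexes = sorted({int(m.group(1)) for k in cfg if (m := _FOLDER_KEY.match(k))})
    findings = []
    for i in indexes:
        prefix = f"sharedfolder{i}."
        if _is_true(cfg, prefix + "present") and _is_true(cfg, prefix + "enabled"):
            access = "writable" if _is_true(cfg, prefix + "writeaccess") else "read-only"
            findings.append((i, cfg.get(prefix + "hostpath", "<unknown>"), access))
    return findings

if __name__ == "__main__":
    for idx, path, access in audit_shared_folders(SAMPLE_VMX):
        print(f"sharedFolder{idx}: {path} ({access})")
```

Any entry in the result means the precondition described above is met for that virtual machine; a `read-only` entry corresponds to the limited mitigation CoreLabs describes, not to the feature being disabled.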
