TechTarget

Critical vulnerability discovered in VMware, says security firm

A vulnerability discovered in VMware's desktop virtualisation software could allow a hacker to gain complete access to the host system and create and modify executable files on the host operating system, according to security supplier Core Security Technologies.

A vulnerability discovered in VMware's desktop virtualisation software could allow a hacker to gain complete access...

to the host system and create and modify executable files on the host operating system, according to security supplier Core Security Technologies.

The security firm said that thousands of companies with virtualized systems could unknowingly be exposing critical information.

It claimed that the vulnerability affects VMware Workstation, Player and ACE software and it is only exploitable when Shared Folders are enabled and at least one folder on the Host system is configured for sharing.

"This vulnerability provides an important wake-up call to security-concerned IT practitioners. It signals that virtualization is not immune to security flaws and that "real" environments are not safe simply because they sit behind virtual environments," said Iván Arce, CTO.

CoreLabs said it discovered that a malicious user or software running on a Guest system within VMWare's desktop software (VMware Player, Workstation and ACE) could break out of the isolated environment and gain full access to the Host computer system.

Organisations seeking to mitigate risk should disable shared folders in all installations of the vulnerable software. If the Shared Folders feature cannot be fully disabled, configuring it to allow read-only access to the Host folder may still provide limited mitigation, said CoreLabs.




CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close