181 replies to this topic

[AplusWebMaster]

FYI...

VMSA-2017-0012 - VMware VIX API VM Direct Access Function security issue
- https://www.vmware.c...-2017-0012.html
2017-07-27
Summary: VMware VIX API allows for direct access to Guest Operating Systems (Guest OSs) by vSphere users with limited privileges.
Relevant Products: VMware vCenter Server
Problem Description: VMware VIX API VM Direct Access Function security issue  
The VMware VIX API has a functionality that allows for direct access to Guests OSs which is used by VMware Site Recovery Manager, VMware Update Manager, and VMware Infrastructure Navigator to manage Guest OSs. This functionality may be used by vSphere users with limited privileges to access a Guest OS without the need to authenticate. In order for vSphere users with limited privileges to use this functionality, they would need to have all three of the following privileges:         
  Virtual Machine -> Configuration -> Advanced            
  Virtual Machine -> Interaction ->                      
     Guest Operating System Management by VIX API                   
  Host -> Configuration -> Advanced Settings  
Workaround: Workarounds that remove the direct access to Guest OSs by vSphere users with limited privileges are listed in VMware Knowledge Base article 2151027.  
These workarounds are not relevant for vSphere users that are fully privileged. Typically they already have alternate ways to access Guest OSs.
Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. Apply the workaround listed in VMware Knowledge Base article 2151027*.   
* https://kb.vmware.com/kb/2151027

- http://www.securityt....com/id/1039004
CVE Reference: CVE-2017-4919
Jul 27 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.5, 6.0, 6.5 ...
Impact: A remote authenticated vSphere user with limited privileges can gain access to the target guest system.
Solution: VMware has described a workaround in KB 2151027, available at:
- https://kb.vmware.com/kb/2151027
 

[AplusWebMaster]

FYI...

VMSA-2017-0013 - VMware vCenter Server and Tools updates resolve multiple security vulns
- https://www.vmware.c...-2017-0013.html
2017-07-27
Summary: VMware vCenter Server and Tools updates resolve multiple security vulnerabilities
Relevant Products:
    VMware vCenter Server  
    VMware Tools
Problem Description:
a. Insecure library loading through LD_LIBRARY_PATH
VMware vCenter Server contains an insecure library loading issue that occurs due to the use of LD_LIBRARY_PATH variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a shared library that may lead to privilege escalation.      
Note: In order to exploit this issue an attacker should be able to trick the admin to execute wrapper scripts from a world writable directory...
b. Information disclosure via service startup script
VMware vCenter Server contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access certain critical information when the service gets restarted...
c. Information disclosure via vCenter Server Appliance file-based backup feature
VMware vCenter Server contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature...
d. Local privilege escalation in VMware Tools
VMware Tools contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation...
Solution:
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
> VMware vCenter Server 6.5 U1
Downloads:
- https://my.vmware.co...=614&rPId=17343
Documentation:
- https://docs.vmware....here/index.html
> VMware Tools 10.0.9
Downloads and Documentation:  
- https://my.vmware.co...oup=VMTOOLS1009
___

- http://www.securityt....com/id/1039013
CVE Reference: CVE-2015-5191, CVE-2017-4921, CVE-2017-4922, CVE-2017-4923
Jul 28 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): vCenter Server 6.5 VA; VMware Tools 9.x, 10.0.x ...
Impact: A local user on the guest system can gain elevated privileges on the guest system.
A local user on the host system can gain elevated privileges on the host system.
A local user can obtain potentially sensitive information on the target system.
A local user can obtain passwords on the target system.
Solution: VMware has issued a fix (vCenter Server 6.5 U1).
A fixed version of VMware Tools (10.0.9) is also available...
 

[AplusWebMaster]

FYI...

VMSA-2017-0014 - VMware NSX-V Edge updates address OSPF Protocol LSA DoS
- https://www.vmware.c...-2017-0014.html
2017-08-10
Summary: VMware NSX-V Edge updates address OSPF Protocol LSA DoS.
Relevant Products:
    VMware NSX-V Edge
Problem Description: VMware NSX-V Edge OSPF Protocol LSA Denial of Service
VMware NSX-V implementation of the OSPF protocol doesn’t correctly handle the link-state advertisement (LSA). A rogue LSA may exploit this issue resulting in continuous sending of LSAs between two routers eventually going in loop or loss of connectivity.
Note: The issue cannot be exploited in case the OSPF protocol is not configured. At setup time, no particular protocol is configured. For more information on static and dynamic routing for NSX Edge refer to the NSX Administration Guide, section Logical Router...
References: http://cve.mitre.org...e=CVE-2017-4920
NSX Administration Guide, section Logical Router:
- https://pubs.vmware....7CD9EA5104.html
 

[AplusWebMaster]

FYI...

VMSA-2017-0015.1 - VMware ESXi, vCenter Server, Fusion and Workstation updates resolve multiple security vulns
- https://www.vmware.c...-2017-0015.html
Issue date: 2017-09-14 / Updated on: 2017-09-15
Severity: Critical
Summary: VMware ESXi, vCenter Server, Fusion and Workstation updates resolve multiple security vulnerabilities.
Relevant Products:
    VMware ESXi (ESXi)
    VMware vCenter Server
    VMware Workstation Pro / Player (Workstation)
    VMware Fusion Pro, Fusion (Fusion)...
Problem Description:
a. Out-of-bounds write vulnerability in SVGA ...
b. Guest RPC NULL pointer dereference vulnerability ...
c. Stored XSS in H5 Client ...
Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware ESXi 6.5
Downloads:  
- https://my.vmware.co...up/vmware/patch
Documentation:  
- http://kb.vmware.com/kb/2149933
VMware ESXi 6.0
Downloads:  
- https://my.vmware.co...up/vmware/patch
Documentation:  
- http://kb.vmware.com/kb/2149960
VMware ESXi 5.5
Downloads:  
- https://my.vmware.co...up/vmware/patch
Documentation:
- http://kb.vmware.com/kb/2150876
VMware vCenter Server 6.5 U1  
Downloads:  
- https://my.vmware.co...=614&rPId=17343
Documentation:  
- https://docs.vmware....here/index.html
VMware Workstation Pro 12.5.7
Downloads and Documentation:  
- https://www.vmware.c...loadworkstation 
- https://www.vmware.c...bs/ws_pubs.html 
VMware Workstation Player 12.5.7
Downloads and Documentation:  
- https://www.vmware.c.../downloadplayer 
- https://www.vmware.c...layer_pubs.html
VMware Workstation Pro 12.5.3
Downloads and Documentation:  
- https://www.vmware.c...loadworkstation 
- https://www.vmware.c...bs/ws_pubs.html 
VMware Workstation Player 12.5.3
Downloads and Documentation:  
- https://www.vmware.c.../downloadplayer 
- https://www.vmware.c...layer_pubs.html
VMware Fusion Pro / Fusion 8.5.8
Downloads and Documentation:  
- https://www.vmware.c.../downloadfusion 
- https://www.vmware.c...usion_pubs.html
VMware Fusion Pro / Fusion 8.5.4
Downloads and Documentation:  
- https://www.vmware.c.../downloadfusion 
- https://www.vmware.c...usion_pubs.html

References:
- http://cve.mitre.org...e=CVE-2017-4924 
- http://cve.mitre.org...e=CVE-2017-4925 
- http://cve.mitre.org...e=CVE-2017-4926

Change log:
2017-09-14 VMSA-2017-0015: Initial security advisory in conjunction with the release of VMware ESXi 5.5 patches on 2017-09-14.
2017-09-15 VMSA-2017-0015.1: Corrected the underlying component affected from SVGA driver to device...

2017-09-18 VMSA-2017-0015.2 Updated the security advisory to reflect the correct platform for the XSS issue 3.
___

Additional info:
- http://www.securityt....com/id/1039364

- http://www.securityt....com/id/1039365

- http://www.securityt....com/id/1039366

- http://www.securityt....com/id/1039367

- http://www.securityt....com/id/1039368
___

- https://www.us-cert....ecurity-Updates
Sep 15, 2017
 

Edited by AplusWebMaster, 19 September 2017 - 07:34 AM.

[AplusWebMaster]

FYI...

VMSA-2017-0016 - VMware AirWatch Console and Launcher for Android updates
- https://www.vmware.c...-2017-0016.html
2017-11-08
Synopsis: VMware AirWatch Console and Launcher for Android updates resolve multiple vulnerabilities...
Relevant Products:
    VMware AirWatch Console (AWC)
    VMware AirWatch Launcher for Android (AWL)
Problem Description:
a. VMware AirWatch Console stored XSS vulnerability  
VMware AirWatch Console contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device’s ‘Links’ page. Successful exploitation of this issue could result in an unsuspecting AWC user being redirected to a malicious URL...
b. VMware AirWatch Console CSV file integrity vulnerability
VMware AirWatch Console contains a vulnerability that could allow an authenticated AWC user to add malicious data to an enrolled device’s log files. Successful exploitation of this issue could result in an unsuspecting AWC user opening a CSV file which contains malicious content...
c. VMware AirWatch Launcher for Android UI privilege escalation
VMware AirWatch Launcher for Android contains a vulnerability that could allow an escalation of privilege from the launcher UI context menu to native UI functionality and privilege. Successful exploitation of this issue could result in an escalation of privilege...
Solution:
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware AirWatch Console 9.2.0
Downloads and Documentation:
- https://support.air-...es/115012658907
VMware AirWatch Launcher for Android 3.2.2
Downloads and Documentation:  
- https://my.air-watch...id/v3.2.2/awall

- https://www.security....com/id/1039750
CVE Reference: CVE-2017-4930, CVE-2017-4931, CVE-2017-4932
Nov 9 2017
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Impact: A remote authenticated user can modify log files on the target system.
A local user can obtain elevated privileges on the target system.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the VMware AirWatch Console software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: VMware has issued a fix (AirWatch Console 9.2.0, AirWatch Launcher for Android 3.2.2)...
 

[AplusWebMaster]

FYI...

VMSA-2017-0017 - VMware vCenter Server update resolves LDAP DoS, SSRF and CRLF injection issues
- https://www.vmware.c...-2017-0017.html
2017-11-09
Synopsis: VMware vCenter Server update resolves LDAP DoS, SSRF and CRLF injection issues
Relevant Products:
 VMware vCenter Server
Problem Description:
a. VMware vCenter Server LDAP Denial of Service (DoS):
VMware vCenter Server doesn't correctly handle specially crafted LDAP network packets which may allow for remote DoS.
b. SSRF and CRLF injection issues in vSphere Web client:
The Flash-based vSphere Web Client (i.e. not the new HTML5-based vSphere Client) contains server side request forgery (SSRF) and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure.  Solution:
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
> VMware vCenter Server 6.5 U1
Downloads:
- https://my.vmware.co...=614&rPId=17343
Documentation:
- https://docs.vmware....here/index.html
> VMware vCenter Server 6.0 U3c
Downloads:
- https://my.vmware.co...oadGroup=VC60U3
Documentation:         
- https://docs.vmware....here/index.html
> VMware vCenter Server 5.5 U3f
Downloads:
- https://my.vmware.co...adGroup=VC55U3F
Documentation:  
- https://docs.vmware....here/index.html

- https://www.security....com/id/1039759
CVE Reference: CVE-2017-4927, CVE-2017-4928
Nov 10 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.5, 6.0, 6.5 ...
Impact: A remote user can cause denial of service conditions.
A remote user can obtain potentially sensitive information on the target system.
Solution: VMware has issued a fix (5.5 U3f, 6.0 U3c, 6.5 U1)...
 

[AplusWebMaster]

FYI... VMSA-2017-0018 - VMSA-2017-0019

VMSA-2017-0018 - VMware Workstation, Fusion and Horizon View Client updates resolve multiple security vulnerabilities
- https://www.vmware.c...-2017-0018.html
2017-11-16
Severity: Critical
Summary: VMware Workstation, Fusion and Horizon View Client updates resolve multiple security vulnerabilities
Relevant Products:
 VMware Workstation Pro / Player (Workstation)
 VMware Fusion Pro / Fusion (Fusion)
Problem Description:
a. Heap buffer-overflow vulnerability in VMNAT device
VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host...
b. Out-of-bounds write via Cortado ThinPrint
VMware Workstation and Horizon View Client contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll.   
On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon  View Client.      
Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client...
c. Multiple out-of-bounds read issues via Cortado ThinPrint
VMware Workstation and Horizon View Client contain multiple out-of-bounds read vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client.   
Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View...
d. Guest RPC NULL pointer dereference vulnerability
VMware Workstation and Fusion contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs...
Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware Horizon View Client 4.6.1
Downloads and Documentation:
- https://my.vmware.co...=578&rPId=18817
VMware Workstation Pro 12.5.8
Downloads and Documentation:
- https://www.vmware.c...loadworkstation 
- https://www.vmware.c...bs/ws_pubs.html
VMware Workstation Player 12.5.8
Downloads and Documentation:
- https://www.vmware.c.../downloadplayer
- https://www.vmware.c...layer_pubs.html
VMware Fusion Pro / Fusion 8.5.9
Downloads and Documentation:
- https://www.vmware.c.../downloadfusion
- https://www.vmware.c...usion_pubs.html

- https://www.security....com/id/1039835
CVE Reference: CVE-2017-4934, CVE-2017-4935, CVE-2017-4936, CVE-2017-4937, CVE-2017-4938
Nov 17 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Workstation 12.x, Fusion 8.x ...
Impact: A local user on the guest system can cause denial of service conditions on the guest system.
A local user on the guest system can cause denial of service conditions on the host system.
A local user on the guest system can gain elevated privileges on the host system.
Solution: VMware has issued a fix (Fusion 8.5.9, Workstation 12.5.8)...

- https://www.security....com/id/1039836
CVE Reference: CVE-2017-4935, CVE-2017-4936, CVE-2017-4937
Nov 17 2017
Fix Available:  Yes  Vendor Confirmed:  Yes
Version(s): 4.x ...
Impact: A local user on the guest system can cause denial of service conditions on the host system.
A local user on the guest system can gain elevated privileges on the host system.
Solution: VMware has issued a fix (4.6.1)...
___

VMSA-2017-0019 - NSX for vSphere update addresses NSX Edge Cross-Site Scripting (XSS) issue
- https://www.vmware.c...-2017-0019.html
2017-11-16
Severity: Moderate
Summary: NSX for vSphere update addresses NSX Edge Cross-Site Scripting (XSS) issue.
NSX for vSphere update addresses NSX Edge Cross-Site Scripting (XSS) issue.
Relevant Products:
 NSX for vSphere  
Problem Description:
a. NSX Edge Cross-Site Scripting (XSS) issue.
NSX Edge contains a moderate Cross-Site Scripting (XSS) issue which may lead to information disclosure...
Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware NSX for vSphere 6.2.9
Downloads:
- https://my.vmware.co...Group=NSXV_629B
Documentation:
- https://docs.vmware....here/index.html
VMware NSX for vSphere 6.3.5
Downloads:
- https://my.vmware.co...dGroup=NSXV_635 
Documentation:  
- https://docs.vmware....here/index.html

- https://www.security....com/id/1039837
CVE Reference: CVE-2017-4929
Nov 17 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6.2.x, 6.3.x ...
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the VMware NSX interface, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: VMware has issued a fix (NSX for vSphere 6.2.9, 6.3.5)...
 

Edited by AplusWebMaster, 17 November 2017 - 01:33 PM.

[AplusWebMaster]

FYI...

VMSA-2017-0020 - VMware AirWatch Console updates
- https://www.vmware.c...-2017-0020.html
2017-12-12
Summary: VMware AirWatch Console updates address Broken Access Control vulnerability.
Relevant Products: VMware AirWatch Console (AWC)
Problem Description: VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator...
Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware AirWatch Console 9.2.2
Downloads and Documentation:
- https://support.air-...es/115015625647
___

- https://www.security....com/id/1040003
CVE Reference: CVE-2017-4942
Dec 13 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Console 9.x ...
Impact: A remote authenticated administrative user can obtain potentially sensitive end-user device details.
Solution: VMware has issued a fix (AWC 9.2.2)...
 

[AplusWebMaster]

FYI...

VMSA-2017-0021 - VMware ESXi, vCenter Server Appliance, Workstation and Fusion updates
- https://www.vmware.c...-2017-0021.html
2017-12-19
Summary: VMware ESXi, Workstation and Fusion updates address multiple security vulnerabilities
Relevant Products:
    VMware ESXi (ESXi)
    VMware vCenter Server Appliance (vCSA)
    VMware Workstation Pro / Player (Workstation)
    VMware Fusion Pro, Fusion (Fusion)
Problem Description:
a. ESXi, Workstation, and Fusion stack overflow via authenticated VNC session...
b. ESXi, Workstation, and Fusion heap overflow via authenticated VNC session...
c. ESXi Host Client stored cross-site scripting vulnerability...
Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware ESXi 6.5  
Downloads: https://my.vmware.co...up/vmware/patch
Documentation:  
- http://kb.vmware.com/kb/2151061
- http://kb.vmware.com/kb/51196  
VMware ESXi 6.0
Downloads: https://my.vmware.co...up/vmware/patch
Documentation:  
- http://kb.vmware.com/kb/2151132
- http://kb.vmware.com/kb/2151134
VMware ESXi 5.5
Downloads: https://my.vmware.co...up/vmware/patch
Documentation:
- http://kb.vmware.com/kb/2150876
- http://kb.vmware.com/kb/2150878
vCSA 6.5 U1d: Downloads and Documentation:
- https://my.vmware.co...=614&rPId=20189
VMware Workstation Pro 12.5.8
Downloads and Documentation:  
- https://www.vmware.c...loadworkstation 
- https://www.vmware.c...bs/ws_pubs.html 
VMware Workstation Player 12.5.8
Downloads and Documentation:  
- https://www.vmware.c.../downloadplayer 
- https://www.vmware.c...layer_pubs.html
VMware Fusion Pro / Fusion 8.5.9
Downloads and Documentation:  
- https://www.vmware.c.../downloadfusion 
- https://www.vmware.c...usion_pubs.html
___

- https://www.security....com/id/1040024
Dec 19 2017 - Versions 5.5 and 6.0 are affected.
- https://www.security....com/id/1040025
Dec 19 2017 - Solution: VMware has issued a fix (Workstation 12.5.8, Fusion 8.5.9).
- https://www.security....com/id/1040026
Dec 19 2017 - VMware has issued a fix (vCSA 6.5 U1d).
 

[AplusWebMaster]

FYI...

VMSA-2018-0001 - vSphere Data Protection (VDP) updates
- https://www.vmware.c...-2018-0001.html
2018-01-02
Severity: Critical
Synopsis: vSphere Data Protection (VDP) updates address multiple security issues...
Relevant Products: vSphere Data Protection (VDP)
Problem Description:
a. VDP authentication bypass vulnerability.
VDP contains an authentication bypass vulnerability.
A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems...
b. VDP arbitrary file upload vulnerability.
VDP contains a file upload vulnerability. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system...
c. VDP path traversal vulnerability.
VDP contains a path traversal vulnerability. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application...
Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
> vSphere Data Protection (VDP) 6.1.6
Downloads and Documentation:
- https://my.vmware.co...oadGroup=VDP616
- https://www.vmware.c...s/vdr_pubs.html
> vSphere Data Protection (VDP) 6.0.7
Downloads and Documentation:  
- https://my.vmware.co...adGroup=VDP60_7
- https://www.vmware.c...s/vdr_pubs.html
VMware Security & Compliance Blog  
- https://blogs.vmware...-2017-0021.html
___

- https://www.security...com/id/1040070\
CVE Reference: CVE-2017-15548, CVE-2017-15549, CVE-2017-15550
Jan 3 2018
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.x, 6.0.x, 6.1.x ...
Impact: A remote authenticated user can view files on the target system.
A remote authenticated user can upload files to the target system.
A remote user can gain root access on the target system.
Solution: VMware has issued a fix (VDP 6.0.7, 6.1.6)...
___

- https://www.us-cert....ecurity-Updates
Jan 02, 2018
 

Edited by AplusWebMaster, 04 January 2018 - 11:39 AM.

[AplusWebMaster]

FYI...

VMSA-2018-0002 - VMware ESXi, Workstation and Fusion updates address side-channel analysis
- https://www.vmware.c...-2018-0002.html
2018-01-03
Severity: Important
Synopsis: VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution.
Relevant Products:
    VMware vSphere ESXi (ESXi)
    VMware Workstation Pro / Player (Workstation)
    VMware Fusion Pro / Fusion (Fusion)   
Problem Description: Bounds-Check bypass and Branch Target Injection issues:
CPU data cache timing can be abused to efficiently leak information out of mis-speculated CPU execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. (Speculative execution is an automatic and inherent CPU performance optimization used in all modern processors.) ESXi, Workstation and Fusion are vulnerable to Bounds Check Bypass and Branch Target Injection issues resulting from this vulnerability. Result of exploitation may allow for information disclosure from one Virtual Machine to another Virtual Machine that is running on the same host. The remediation listed in the table below is for the known variants of the Bounds Check Bypass and Branch Target Injection issues...
CVE-2017-5753 (Bounds Check bypass) and CVE-2017-5715 (Branch Target Injection)...
* This patch has remediation against CVE-2017-5715 but -not- against CVE-2017-5753.
Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
> VMware ESXi 6.5
Downloads:  
- https://my.vmware.co...up/vmware/patch
Documentation:  
- http://kb.vmware.com/kb/2151099
> VMware ESXi 6.0
Downloads:  
- https://my.vmware.co...up/vmware/patch
Documentation:  
- http://kb.vmware.com/kb/2151132
> VMware ESXi 5.5
Downloads:  
- https://my.vmware.co...up/vmware/patch
Documentation:  
- http://kb.vmware.com/kb/2150876
> VMware Workstation Pro, Player 12.5.8
Downloads and Documentation:
- https://www.vmware.c...loadworkstation
- https://www.vmware.c...bs/ws_pubs.html
> VMware Fusion Pro / Fusion 12.5.9
Downloads and Documentation:  
- https://www.vmware.c.../downloadfusion 
- https://www.vmware.c...usion_pubs.html
> Blog: https://blogs.vmware...-2018-0002.html
___

- https://www.security....com/id/1040075
CVE Reference: CVE-2017-5715, CVE-2017-5753
Jan 4 2018
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 8.x ...
Impact: A local user can view arbitrary virtual memory contents on the target CPU device [which can lead to elevated privileges on the target system].
Solution: VMware has issued a fix for CVE-2017-5715 and CVE-2017-5753 for VMware Fusion (8.5.9).
Version 10.x is not affected.
The VMware advisory is available at: http://www.vmware.co...-2018-0002.html
 

[AplusWebMaster]

FYI...

VMSA-2018-0003 - vRealize Operations for Horizon, vRealize Operations for Published Applications, Workstation, Horizon View Client and Tools updates...
- https://www.vmware.c...-2018-0003.html
2018-01-04
Severity: Important
Summary: vRealize Operations for Horizon, vRealize Operations for Published Applications, Workstation, Horizon View Client and Tools updates resolve multiple security vulnerabilities.
> Relevant Products:
    vRealize Operations for Horizon (V4H)
    vRealize Operations for Published Applications (V4PA)
    VMware Workstation Pro / Player (Workstation)
    VMware Fusion Pro / Fusion (Fusion)
    Horizon View Client for Windows
Problem Description:
a. V4H and V4PA desktop agent privilege escalation vulnerability
The V4H and V4PA desktop agents contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged windows user escalating their privileges to SYSTEM...
b. Out-of-bounds read issue via Cortado ThinPrint
VMware Workstation and Horizon View Client contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client.
Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View...
c. Guest access control vulnerability
VMware Workstation and Fusion contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs.
VMware Tools must updated to 10.2.0 for each VM to resolve CVE-2017-4945.
VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default...
> Solution:
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
> vRealize Operations for Horizon Desktop Agent 6.5.1
Downloads and Documentation:
- https://my.vmware.co...roup=V4H-651-GA
> vRealize Operations for Published Applications Desktop Agent 6.5.1
Downloads and Documentation:
- https://my.vmware.co...oup=V4PA-651-GA
> VMware Horizon View Client 4.7.0
Downloads and Documentation:
- https://my.vmware.co...=578&rPId=20571
> VMware Workstation Pro 14.1.0
Downloads and Documentation:
- https://www.vmware.c...loadworkstation
- https://www.vmware.c...bs/ws_pubs.html
> VMware Workstation Player 14.1.0
Downloads and Documentation:
- https://www.vmware.c.../downloadplayer
- https://www.vmware.c...layer_pubs.html
> VMware Tools 10.2.0
Downloads:
- https://my.vmware.com/web/vmware/details?downloadGroup=VMTOOLS1020&productId=491  
Documentation:  
- https://docs.vmware....ease-notes.html

Blog: https://blogs.vmware...-2018-0003.html
___

- https://www.security....com/id/1040108
CVE Reference: CVE-2017-4948  
Jan 5 2018
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 4.x
Impact: A local user can cause denial of service conditions on the target system.
A local user can obtain potentially sensitive information on the host system.
Solution: VMware has issued a fix (4.7.0)...

- https://www.security....com/id/1040109
CVE Reference: CVE-2017-4945, CVE-2017-4948
Jan 5 2018
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Workstation 12.x, 14.x; Fusion 8.x, 10.x
Impact: A local user can obtain potentially sensitive information on the host system.
A local user can bypass security controls on the target system.
Solution: VMware has issued a fix.
For VMware Workstation 14.x: 14.1.0; VMware Tools 10.2.0 (on each virtual machine)
For VMware Fusion 10.x: VMware Tools 10.2.0 (on each virtual machine)
[Editor's note: A patch for CVE-2017-4948 for Workstation 12.x is not planned. A patch for CVE-2017-4945 for
Workstation 12.x and for Fusion 8.x is not planned.]...
___

- https://www.us-cert....ecurity-Updates
Jan 05, 2018
 

Edited by AplusWebMaster, 05 January 2018 - 01:53 PM.

[AplusWebMaster]

FYI...

VMSA-2018-0004 - VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue
- https://www.vmware.c...-2018-0004.html
2018-01-09
Severity: Important
Summary: VMware vSphere, Workstation and Fusion updates add Hypervisor- Assisted Guest Remediation for speculative execution issue.
Notes:
Hypervisor remediation can be classified into the two following categories:
   - Hypervisor-Specific Remediation (documented in VMSA-2018-0002)
   - Hypervisor-Assisted Guest Remediation (documented in this advisory)
The ESXi patches and new versions of Workstation and Fusion of this advisory include the Hypervisor-Specific Remediation documented in VMware Security Advisory VMSA-2018-0002.
More information on the types of Hypervisor remediation may be found in VMware Knowledge Base article 52245.
> Relevant Products
    VMware vCenter Server (VC)
    VMware vSphere ESXi (ESXi)
    VMware Workstation Pro / Player (Workstation)
    VMware Fusion Pro / Fusion (Fusion)
> Problem Description:
New speculative-execution control mechanism for Virtual Machines
Updates of vCenter Server, ESXi, Workstation and Fusion virtualize the new speculative-execution control mechanism for Virtual Machines (VMs). As a result, a patched Guest Operating System (Guest OS) can remediate the Branch Target Injection issue (CVE-2017-5715). This issue may allow for information disclosure between processes within the VM.
To remediate CVE-2017-5715 in the Guest OS the following VMware and third party requirements must be met:
> VMware Requirements:
    Deploy the updated version of vCenter Server listed in the table (if vCenter Server is used).
    Deploy the ESXi patches and/or the new versions for Workstation or Fusion listed in the table.
    Ensure that your VMs are using Hardware Version 9 or higher. For best performance, Hardware Version 11 or higher is recommended. VMware Knowledge Base article 1010675 discusses Hardware Versions.
> Third party Requirements:
    Deploy the Guest OS patches for CVE-2017-5715. These patches are to be obtained from your OS vendor.
    Update the CPU microcode. Additional microcode is needed for your CPU to be able to expose the new MSRs that are used by the patched Guest OS. This microcode should be available from your hardware platform vendor.
    VMware is providing several versions of the required -microcode- from INTEL and AMD through ESXi patches listed in the table. See VMware Knowledge Base 52085 for more details...
>> Solution:
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
> vCenter Server 6.5 U1e
Downloads and Documentation:
- https://my.vmware.co...adGroup=VC65U1E
> vCenter Server 6.0 U3d
Downloads and Documentation:
- https://my.vmware.co...=491&rPId=20946
> vCenter Server 5.5 U3g
Downloads and Documentation:
- https://my.vmware.co...=353&rPId=20876
> VMware ESXi 6.5
Downloads:  
- https://my.vmware.co...up/vmware/patch
Documentation:  
- http://kb.vmware.com/kb/52198
http://kb.vmware.com/kb/52199
> VMware ESXi 6.0
Downloads:  
- https://my.vmware.co...up/vmware/patch
Documentation:  
- http://kb.vmware.com/kb/52205
- http://kb.vmware.com/kb/52206
> VMware ESXi 5.5
Downloads:  
- https://my.vmware.co...up/vmware/patch
Documentation:  
- http://kb.vmware.com/kb/52127
> VMware Workstation Pro, Player 14.1.1
Downloads and Documentation:
- https://www.vmware.c...loadworkstation
- https://www.vmware.c.../downloadplayer
- https://www.vmware.c...bs/ws_pubs.html
> VMware Fusion Pro / Fusion 8.5.10, 10.1.1
Downloads and Documentation:  
- https://www.vmware.c.../downloadfusion 
- https://www.vmware.c...usion_pubs.html
>> References:
- http://cve.mitre.org...e=CVE-2017-5715
VMware Knowledge Base Article 52085:
- https://kb.vmware.com/s/article/52085
VMware Knowledge Base Article 1010675:
- https://kb.vmware.co...article/1010675
VMware Knowledge Base article 52245
- https://kb.vmware.com/s/article/52245
___

- https://www.us-cert....ecurity-Updates
Jan 10, 2018
 

Edited by AplusWebMaster, 10 January 2018 - 06:40 PM.

[AplusWebMaster]

FYI...

VMSA-2018-0005 - VMware Workstation, and Fusion updates resolve use-after-free and integer-overflow vulns
- https://www.vmware.c...-2018-0005.html
Issue date: 2018-01-10
Severity: Critical
Summary: VMware Workstation, and Fusion updates resolve use-after-free and integer-overflow vulnerabilities
> Relevant Products:
    VMware Workstation Pro / Player (Workstation)
    VMware Fusion Pro / Fusion (Fusion)
> Problem Description:
a. Use-after-free vulnerability in VMware NAT service
VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host.
Note: IPv6 mode for VMNAT is not enabled by default...
b. Integer-overflow vulnerability in VMware NAT service
VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues.
Note: IPv6 mode for VMNAT is not enabled by default...
Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
> VMware Workstation Pro 14.1.1
Downloads and Documentation:  
- https://www.vmware.c...loadworkstation  
- https://www.vmware.c...bs/ws_pubs.html  
> VMware Workstation Player 14.1.1
Downloads and Documentation:  
- https://www.vmware.c.../downloadplayer  
- https://www.vmware.c...layer_pubs.html
> VMware Workstation Pro 12.5.9
Downloads and Documentation:
- https://my.vmware.co...tation_pro/12_0
- https://www.vmware.c...bs/ws_pubs.html
> VMware Workstation Player 12.5.9
Downloads and Documentation:
- https://my.vmware.co...ion_player/12_0
- https://www.vmware.c...layer_pubs.html
> VMware Fusion Pro / Fusion 10.1.1
Downloads and Documentation:  
- https://www.vmware.c.../downloadfusion  
- https://www.vmware.c...usion_pubs.html
> VMware Fusion Pro / Fusion 8.5.10
Downloads and Documentation:  
- https://my.vmware.co...ware_fusion/8_0  
- https://www.vmware.c...usion_pubs.html
References
- http://cve.mitre.org...e=CVE-2017-4949
- http://cve.mitre.org...e=CVE-2017-4950
___

- https://www.us-cert....kstation-Fusion
Jan 11, 2018
___

- https://www.security....com/id/1040161
CVE Reference: CVE-2017-4949, CVE-2017-4950
Jan 11 2018
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Workstation 12.x, 14.x; Fusion 8.x, 10.x ...
Impact: A local user on the guest system can gain elevated privileges on the host system.
Solution: VMware has issued a fix (8.5.10, 10.1.1, 12.5.9, 14.1.1).
 

[AplusWebMaster]

FYI...

VMSA-2018-0002.2 - VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution
- https://www.vmware.c...-2018-0002.html
Severity: Important
Updated on: 2018-01-13
Change log:
2018-01-03 VMSA-2018-0002 - Initial security advisory
2018-01-09 VMSA-2018-0002.1 - Updated security advisory after release of ESXi 5.5 patch (ESXi550-201801401-BG) that has remediation against both CVE-2017-5753 and CVE-2017-5715 on 2018-01-09
2018-01-13 VMSA-2018-0002.2 - Updated security advisory with microcode information found in KB52345:
> https://kb.vmware.com/s/article/52345
Intel Sightings in ESXi Bundled Microcode Patches for VMSA-2018-0004 (52345)...
Updated: Jan 16, 2018
___

VMSA-2018-0005 - VMware Workstation, and Fusion updates resolve use-after-free and integer-overflow vulns
- https://www.vmware.c...-2018-0005.html
Severity: Critical
Issue date: 2018-01-10
Summary: VMware Workstation, and Fusion updates resolve use-after-free and integer-overflow vulnerabilities
2. Relevant Products:
    VMware Workstation Pro / Player (Workstation)
    VMware Fusion Pro / Fusion (Fusion)
3. Problem Description:
a. Use-after-free vulnerability in VMware NAT service
VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host.
Note: IPv6 mode for VMNAT is not enabled by default.
b. Integer-overflow vulnerability in VMware NAT service
VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues.
Note: IPv6 mode for VMNAT is not enabled by default...
Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
> VMware Workstation Pro 14.1.1
Downloads and Documentation:  
- https://www.vmware.c...loadworkstation 
- https://www.vmware.c...bs/ws_pubs.html 
> VMware Workstation Player 14.1.1
Downloads and Documentation:  
- https://www.vmware.c.../downloadplayer 
- https://www.vmware.c...layer_pubs.html
> VMware Workstation Pro 12.5.9
Downloads and Documentation:
- https://my.vmware.co...tation_pro/12_0
- https://www.vmware.c...bs/ws_pubs.html
> VMware Workstation Player 12.5.9
Downloads and Documentation:
- https://my.vmware.co...ion_player/12_0
- https://www.vmware.c...layer_pubs.html
> VMware Fusion Pro / Fusion 10.1.1
Downloads and Documentation:  
- https://www.vmware.c.../downloadfusion 
- https://www.vmware.c...usion_pubs.html
> VMware Fusion Pro / Fusion 8.5.10
Downloads and Documentation:  
- https://my.vmware.co...ware_fusion/8_0 
- https://www.vmware.c...usion_pubs.html
___

- https://www.us-cert....kstation-Fusion
Jan 11, 2018
___

VMSA-2018-0004.2 - VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue
- https://www.vmware.c...-2018-0004.html
Severity: Important
Updated on: 2018-01-12
Summary: VMware vSphere, Workstation and Fusion updates add Hypervisor- Assisted Guest Remediation for speculative execution issue.
Notes:
Hypervisor remediation can be classified into the two following categories:
   - Hypervisor-Specific Remediation (documented in VMSA-2018-0002)
   - Hypervisor-Assisted Guest Remediation (documented in this advisory)
The ESXi patches and new versions of Workstation and Fusion of this advisory include the Hypervisor-Specific Remediation documented in VMware Security Advisory VMSA-2018-0002.
More information on the types of Hypervisor remediation may be found in VMware Knowledge Base article 52245*.
2. Relevant Products:
    VMware vCenter Server (VC)
    VMware vSphere ESXi (ESXi)
    VMware Workstation Pro / Player (Workstation)
    VMware Fusion Pro / Fusion (Fusion)   
3. Problem Description: New speculative-execution control mechanism for Virtual Machines
 Updates of vCenter Server, ESXi, Workstation and Fusion virtualize the new speculative-execution control mechanism for Virtual Machines (VMs). As a result, a patched Guest Operating System (Guest OS) can remediate the Branch Target Injection issue (CVE-2017-5715). This issue may allow for information disclosure between processes within the VM.
To remediate CVE-2017-5715 in the Guest OS the following VMware and third party requirements must be met:
> https://kb.vmware.com/s/article/52345
Intel Sightings in ESXi Bundled Microcode Patches for VMSA-2018-0004 (52345)
* https://kb.vmware.com/s/article/52245
VMware Response to Speculative Execution security issues, CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 (aka Spectre and Meltdown) (52245)
Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
> vCenter Server 6.5 U1e
Downloads and Documentation:
- https://my.vmware.co...adGroup=VC65U1E
> vCenter Server 6.0 U3d
Downloads and Documentation:
- https://my.vmware.co...=491&rPId=20946
> vCenter Server 5.5 U3g
Downloads and Documentation:
- https://my.vmware.co...=353&rPId=20876
> VMware ESXi 6.5
Downloads and Documentation:
- https://kb.vmware.com/s/article/52345
> VMware ESXi 6.0
Downloads and Documentation:  
- https://kb.vmware.com/s/article/52345
> VMware ESXi 5.5
Downloads and Documentation:
- https://kb.vmware.com/s/article/52345
> VMware Workstation Pro, Player 14.1.1
Downloads and Documentation:
- https://www.vmware.c...loadworkstation
- https://www.vmware.c.../downloadplayer
- https://www.vmware.c...bs/ws_pubs.html
> VMware Workstation Pro, Player 12.5.9
Downloads and Documentation:
- https://my.vmware.co...tation_pro/12_0
- https://my.vmware.co...ion_player/12_0
- https://www.vmware.c...bs/ws_pubs.html
> VMware Fusion Pro / Fusion 8.5.10, 10.1.1
Downloads and Documentation:  
- https://www.vmware.c.../downloadfusion 
- https://www.vmware.c...usion_pubs.html
 

Edited by AplusWebMaster, 17 January 2018 - 11:33 AM.