VMware fixes critical vulnerarbilities in Workstation and Fusion

[German]VMware developers have closed several critical vulnerabilities in their virtualization products VMware Workstation and Fusion these days.


Advertising

I have already become aware of this issue a few days ago via this tweet from Bleeping Computer.

VMware has therefore released security updates to address several vulnerabilities in VMware ESXi, Workstation and Fusion. One of them is a critical flaw in default configurations of Workstation and Fusion with 3D graphics enabled.

CISA warns

The US Cyber Security and Infrastructure Security Agency (CISA) has also issued a warning. It warns that an attacker could exploit some of these vulnerabilities to take control of an affected system. CISA users and administrators are urged to update VMware products as soon as possible.

Details are available in the VMware Advisory

Details can be found in the VMware security advisory VMSA-2020-0015 dated June 23, 2020, where VMware lists the following CVEs:


Advertising

CVE-2020-3962, CVE-2020-3963, CVE-2020-3964, CVE-2020-3965, CVE-2020-3966, CVE-2020-3967, CVE-2020-3968, CVE-2020-3969, CVE-2020-3970, CVE-2020-3971

The following VMware products are affected:

  • VMware ESXi
  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion Pro / Fusion (Fusion)
  • VMware Cloud Foundation

The VMware Security Advisory VMSA-2020-0015 provides details about the vulnerabilities and also provides information about the required updates or workarounds.


Advertising


This entry was posted in Security, Software, Update, Virtualization and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *