New VMware Security Advisory VMSA-2017-0002

New VMware Security Advisory VMSA-2017-0002

This post was originally published on this site ---

--- This is a critical security advisory from VMware (VMSA) ---

Greetings from the VMware Security Response Center !

Today VMware has released the following new security advisory:

VMSA-2017-0002 – Horizon DaaS update addresses an insecure data validation issue”

The advisory documents a moderate severity insecure data validation issue (CVE-2017-4897) in VMware Horizon DaaS. All 6.1.x versions are affected.

This vulnerability can be exploited by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Horizon DaaS 7.0.0 carries a fix for this issue.

VMware would like to thank Ahmad Ashraff of Aura Information Security for reporting this issue to us.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisories and direct any questions to VMware Support.

The post New VMware Security Advisory VMSA-2017-0002 appeared first on VMware Security & Compliance Blog.

Leave a Reply

Your email address will not be published. Required fields are marked *