Tag: ADVISORY

VMSA-2018-0004.3

VMSA-2018-0004.3

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Greetings from the VMware Security Response Center! It’s time. Today we released VMSA-2018-0004.3 which documents Hypervisor-Assisted Guest Mitigations for CVE-2017-5715 (Spectre-2). We thought it would be a good idea to quickly link all of the documentation which has undergone a major change. For newcomers, please familiarize yourself by reading through KB52245 first to get a strong understanding of the various categories of mitigations that VMware has provided. Major Updates: Updated Advisory: Read more […]

New VMware Security Advisory VMSA-2018-0008

New VMware Security Advisory VMSA-2018-0008

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today, VMware has released the following new security advisory: “VMSA-2018-0008 – Workstation and Fusion updates address a denial-of-service vulnerability This documents the remediation of an Important severity denial-of-service vulnerability affecting VMware Workstation and Fusion. This issue can be triggered by opening a large number of VNC sessions.  In order for exploitation to be possible, VNC must be manually enabled on Workstation and Fusion. VMware Workstation 14.1.1 and Read more […]

VMSA-2018-0007.1 – VMware Virtual Appliance updates address side-channel analysis due to speculative execution

VMSA-2018-0007.1 – VMware Virtual Appliance updates address side-channel analysis due to speculative execution

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Greetings from the VMware Security Response Center! We thought we should post an explanation of today’s changes to VMSA-2018-0007 as we have removed CVE-2017-5715 from the advisory. The reason we have done this is to clarify which of these issues have been mitigated against currently known variants of the different vulnerabilities. Because CVE-2017-5753 (Meltdown) is considered by some to be the most severe/exploitable of the issues, we did not want to wait for CVE-2017-5715 (Spectre-2) mitigations Read more […]

VMware Security Advisory VMSA-2018-0007

VMware Security Advisory VMSA-2018-0007

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today VMware has released the following new and updated security advisories: VMSA-2018-0007 Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories. Customers should review the security advisories and direct any questions to VMware Support. The post VMware Security Advisory VMSA-2018-0007 appeared first on VMware Security & Compliance Blog. Read more […]

VMware Security Advisory VMSA-2018-0006

VMware Security Advisory VMSA-2018-0006

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today VMware has released the following new and updated security advisories: VMSA-2018-0006 – vRealize Automation, vSphere Integrated Containers, and AirWatch Console updates address multiple security vulnerabilities Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories. Customers should review the security advisories and direct any questions to VMware Support. The post VMware Security Advisory VMSA-2018-0006 appeared first on VMware Security Read more […]

New VMware Security Advisory VMSA-2018-0005

New VMware Security Advisory VMSA-2018-0005

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today, VMware has released the following new security advisory: “VMSA-2018-0005 – VMware Workstation, and Fusion updates resolve use-after-free and integer-overflow vulnerabilities” This documents the remediation of Critical and Important severity issues (CVE-2017-4949, and CVE-2017-4950). Issues (a) CVE-2017-4949 is a use-after-free vulnerability in VMware NAT service which can be exploited when IPv6 mode is enabled. This issue is rated as critical and may allow a guest to execute Read more […]

New VMware Security Advisory VMSA-2018-0003

New VMware Security Advisory VMSA-2018-0003

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today, VMware has released the following new security advisory: “VMSA-2018-0003 – vRealize Operations for Horizon, vRealize Operations for Published Applications, Workstation, Horizon View Client and Tools updates resolve multiple security vulnerabilities” This documents the remediation of three Important severity issues (CVE-2017-4945, CVE-2017-4946, and CVE-2017-4948). Issues (a) CVE-2017-4946 is a privilege escalation vulnerability that affects vRealize Operations for Horizon Read more […]

VMSA-2018-0002

VMSA-2018-0002

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today VMware has released the following new security advisory: VMSA-2017-0002 – VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution. This advisory documents remediation for known variants of the Bounds-Check Bypass (CVE-2017-5753) and Branch Target Injection (CVE-2017-5715) issues due to speculative execution disclosed today by Google Project Zero. These issues may result in information disclosure from one Virtual Machine to another Virtual Read more […]

VMSA-2018-0001

VMSA-2018-0001

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — New VMware Security Advisory VMSA-2018-0001 On January 2nd 2018 VMware released the following new security advisory: VMSA-2018-0001 – vSphere Data Protection (VDP) updates address multiple security issues. This documents several critical severity issues affecting VDP. Issue (a) is an authenication bypass vulnerability (CVE-2017-15548). A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems. Issue (b) Read more […]

New VMware Security Advisory VMSA-2017-0021

New VMware Security Advisory VMSA-2017-0021

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today VMware has released the following new security advisory: “VMSA-2017-0021 – VMware ESXi, vCenter Server Appliance, Workstation and Fusion updates address multiple security vulnerabilities” This documents the remediation of four Important severity issues (CVE-2017-4933, CVE-2017-4940, CVE-2017-4941, and CVE-2017-4943). These issues affect VMware ESXi, VMware Workstation, VMware Fusion and VMware vCenter Server Appliance. Issues (a) CVE-2017-4941 and (b) CVE-2017-4933 are stack Read more […]