This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Greetings from the VMware Security Response Center! It has come to our attention that a previously resolved vulnerability identified by CVE-2018-6961 which affected VMware SD-WAN Edge (Velocloud) prior to v3.1.2 has been reported to be included as one of multiple injection methods for a newly discovered variant of the Mirai malware. Unit 42 has a good write up on what they have discovered here: https://unit42.paloaltonetworks.com/new-mirai-variant-adds-8-new-exploits-targets-additional-iot-devices. VMware Read more […]

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today, VMware has released the following new security advisory: “VMSA-2019-0009 – VMware Tools and Workstation updates address out of bounds read and use-after-free vulnerabilities (CVE-2019-5522, CVE-2019-5525)” This documents the remediation of two important severity issues in VMware Tools and VMware Workstation respectively. Issue (a) CVE-2019-5522 an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. A local attacker Read more […]

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today, VMware has released the following new security advisory: VMSA-2019-0006 – VMware ESXi, Workstation and Fusion updates address multiple out-of-bounds read vulnerabilities This advisory documents Important Severity issues. Issue (a) VMware ESXi, Workstation and Fusion updates address an out-of-bounds vulnerability (CVE-2019-5516) with the vertex shader functionality. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful Read more […]

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today, VMware has released the following new security advisories: VMSA-2019-0004: VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability This advisory documents a Critical severity Remote Session Hijack vulnerability (CVE-2019-5523) in the Tenant and Provider Portals. Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently logged in session. We would like to thank Read more […]

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — We wanted to post a quick acknowledgement that VMware will have representatives in attendance at Pwn2Own Vancouver 2019 to review any vulnerabilities that may be demonstrated during the security contest. Stay tuned for further updates. As always please sign up for our VMware Security Advisories here for new and updated information. The post VMware and Pwn2Own Vancouver 2019 appeared first on VMware Security & Compliance Blog. Read more […]

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — VMware has released the following new security advisories: VMSA-2019-0002 – VMware Workstation update addresses elevation of privilege issues. This documents important severity elevation of privilege issues. Issue (a) (CVE-2019-5511). Workstation does not handle paths appropriately. Successful exploitation of this issue may allow the path to the VMX executable, on a Windows host, to be hijacked by a non-administrator leading to elevation of privilege. Issue (b) (CVE-2019-5512). COM classes Read more […]

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today VMware has released the following new and updated security advisories: VMSA-2019-0001 – https://www.vmware.com/security/advisories/VMSA-2019-0001.html Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories. Customers should review the security advisories and direct any questions to VMware Support. The post VMware Security Advisory VMSA-2019-0001 appeared first on VMware Security & Compliance Blog. Read more […]

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today, VMware has released the following new security advisory: “VMSA-2018-0031 – vRealize Operations updates address a local privilege escalation vulnerability” This documents the remediation of an important severity local privilege escalation vulnerability (CVE-2018-6978) in vRealize Operations (vROps). The issue exists due to improper permissions of support scripts. Admin** user of the vROps application with shell access may exploit this issue to elevate the privileges to root Read more […]

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Greetings from the VMware Security Response Center! Yesterday Kubernetes disclosed CVE-2018-1002105 – a critical severity vulnerability in the Kubernetes API server. For more details on the vulnerability please see Kubernetes’ announcement here: https://discuss.kubernetes.io/t/kubernetes-security-announcement-v1-10-11-v1-11-5-v1-12-3-released-to-address-cve-2018-1002105/3700 This vulnerability affects the following VMware products: -VMware Pivotal Container Service (PKS) -VMware vCloud Read more […]

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — On November 20th 2018 VMware released the following new security advisory: VMSA-2018-0029 – vSphere Data Protection (VDP) updates address multiple security issues. This documents several critical, important and moderate severity issues affecting VDP. VDP is based on Dell EMC Avamar Virtual Edition. Issue (a) is a critical severity remote code execution vulnerability (CVE-2018-11066). A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands Read more […]