Tag: VMSA

New VMware Security Advisory VMSA-2018-0017

New VMware Security Advisory VMSA-2018-0017

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today, VMware has released the following new security advisory: “VMSA-2018-0017 – VMware Tools update addresses an out-of-bounds read vulnerability” This documents the remediation of an important severity out-of-bounds read vulnerability (CVE-2018-6969) in VMware Tools. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on the guest VMs. File sharing must be enabled to be able to exploit this issue. VMware Read more […]

New VMware Security Advisory VMSA-2018-0016 and updated advisories VMSA-2018-0011.1, VMSA-2018-0012.1

New VMware Security Advisory VMSA-2018-0016 and updated advisories VMSA-2018-0011.1, VMSA-2018-0012.1

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today VMware has released the following new and updated security advisories: VMSA-2018-0016 – VMware ESXi, and Workstation updates address multiple out-of-bounds read vulnerabilities.VMSA-2018-0012.1 – VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative StoreVMSA-2018-0011.1 – Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN by VeloCloud VMSA-2018-0016 documents out-of-bound read issues in the shader translator Read more […]

VMSA-2018-0015

VMSA-2018-0015

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today VMware has released the following new and updated security advisories: VMSA-2018-0015 – https://www.vmware.com/security/advisories/VMSA-2018-0015.html Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories. Customers should review the security advisories and direct any questions to VMware Support. The post VMSA-2018-0015 appeared first on VMware Security & Compliance Blog. Read more […]

New VMware Security Advisory VMSA-2018-0014

New VMware Security Advisory VMSA-2018-0014

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today VMware has released the following new security advisory: “VMSA-2018-0014 – VMware Horizon Client update addresses a privilege escalation vulnerability” This documents the remediation of an important severity local privilege escalation vulnerability (CVE-2018-6964) in VMware Horizon Client for Linux. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on a Linux machine where Horizon Client is installed. VMware Horizon Client Read more […]

New VMware Security Advisory VMSA-2018-0013

New VMware Security Advisory VMSA-2018-0013

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today, VMware has released the following new security advisory: “VMSA-2018-0013 – VMware Workstation and Fusion updates address signature bypass and multiple denial-of-service vulnerabilities” This documents the remediation of an important severity issue (CVE-2018-6962) in VMware Fusion and moderate severity issues (CVE-2018-6963) in VMware Workstation and Fusion. Issue (a) CVE-2018-6962 is signature bypass vulnerability which may lead to a local privilege escalation. This issue Read more […]

VMSA-2018-0012

VMSA-2018-0012

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Greetings from the VMware Security Response Center! Today we released VMSA-2018-0012 which documents Hypervisor-Assisted Guest Mitigations for CVE-2018-3639 (Speculative Store Bypass). In addition CVE-2018-3640 (Rogue System Register Read) was also disclosed today. We thought a few points and a documentation summary would be in order to help sum up what this issue means for VMware products: CVE-2018-3639 – The issue requires Hypervisor-Assisted Guest Mitigations for vSphere to pass the new Read more […]

NVIDIA GPU Display Driver Security Updates for Multiple Vulnerabilities

NVIDIA GPU Display Driver Security Updates for Multiple Vulnerabilities

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Greetings from the VMware Response Center! Today we wanted to make you aware that NVIDIA has released a security bulletin entitled NVIDIA GPU Display Driver Security Updates for Multiple Vulnerabilities which details some NVIDIA GPU Display Driver Vulnerabilities and remediation. CVE-2018-6251 and CVE-2018-6253 have been shown to affect VMware Workstation, but they are not something that we can fully resolve from our end. Therefore, we wanted to make sure you were informed of these issues so that Read more […]

New VMware Security Advisory VMSA-2018-0010

New VMware Security Advisory VMSA-2018-0010

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today VMware has released the following new security advisory: “VMSA-2018-0010 – Horizon DaaS update addresses a broken authentication issue” This documents the remediation of a moderate severity issue (CVE-2018-6960) in VMware Horizon DaaS that may allow an attacker to bypass two-factor authentication. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS. All VMware Horizon DaaS 7.x versions are affected. This issue has been addressed in VMware Read more […]

New VMware Security Advisory VMSA-2018-0009

New VMware Security Advisory VMSA-2018-0009

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today VMware has released the following new security advisory: VMSA-2018-0009  – vRealize Automation (vRA) updates address multiple security issues This documents the remediation of Important and Moderate severity issues (CVE-2018-6958  and CVE-2018-6959). Issue (a)  CVE-2018-6958 is a DOM-based cross-site scripting (XSS) vulnerability. Exploitation of this issue may lead to the compromise of the vRA user’s workstation. Issue (b) CVE-2018-6959 is a vulnerability in Read more […]

VMSA-2018-0004.3

VMSA-2018-0004.3

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Greetings from the VMware Security Response Center! It’s time. Today we released VMSA-2018-0004.3 which documents Hypervisor-Assisted Guest Mitigations for CVE-2017-5715 (Spectre-2). We thought it would be a good idea to quickly link all of the documentation which has undergone a major change. For newcomers, please familiarize yourself by reading through KB52245 first to get a strong understanding of the various categories of mitigations that VMware has provided. Major Updates: Updated Advisory: Read more […]