Thursday, January 21, 2016

VMtools vulnerability

VMware is currently tracking an emergent issue with a vulnerability present in the VMware Tools “Shared Folders” (HGFS) feature running on Microsoft Windows. Successful exploitation could lead to an escalation of privilege in the guest OS.

Products affected: ESXi 5.0, 5.1, 5.5, 6.0, Workstation (prior to 11.1.2), VMware Player (prior to 7.1.2) and Fusion (prior to 7.1.2).

The Common Vulnerabilities and Exposures (CVE) Identifier is CVE-2015-6933

Solution: Removing the “Shared Folders” feature from previously installed VMware Tools will remove the possibility of exploitation. Furthermore, apply the recommended patches for your product:

NOTE: VMTools installations initiated via vSphere are not affected unless a Complete feature set was specified during the initial installation.