Information Technology News.


VMware issues security patches for Workstation and Fusion

Share on Twitter.

Sponsered ad: Get a Linux Enterprise server with 92 Gigs of RAM, 16 CPUs and 8 TB of storage at our liquidation sale. Only one left in stock.

Sponsered ad: Order the best SMTP service for your business. Guaranteed or your money back.

March 15, 2017

Two new security vulnerabilities have been discovered in VMware's Workstation and Fusion applications.

The first security flaw was noticed last week in the form of a merely important security patch for Workstation that fixed an issue whereby loading a .DLL could escalate admin privileges.

Updating to version number 12.5.3 fixed that security bug, we are told, but you may not need to worry with that update, because VMware has since issued a critical advisory.

That tells us that the drag-and-drop function in VMware Workstation and Fusion has an out-of-bounds memory access vulnerability.

That security bug could allow a guest to execute arbitrary code on the operating system that runs Workstation or Fusion, VMware asserts.

There's a fix for that one. The former requires you to merely disable drag-and-drop and cut-and-paste. But seeing as those are very useful ways to get stuff into and out of virtual machines, you should update to Workstation 12.5.4 and Fusion 8.5.5.

VMware is also addressing the Apache Struts 2 security flaw, offering a workaround for it on vCenter Server.

We are told that VMware should be able to deliver those security patches soon, but we are still waiting for a firm date.

Source: VMware.


Sponsered ad: Get a Linux Enterprise server with 92 Gigs of RAM, 16 CPUs and 8 TB of storage at our liquidation sale. Only one left in stock.

Sponsered ad: Order the best SMTP service for your business. Guaranteed or your money back.

Share on Twitter.

IT News Archives | Site Search | Advertise on IT Direction | Contact | Home

All logos, trade marks or service marks on this site are the property of their respective owners.

Sponsored by Sure Mail™, Avantex and
by Montreal Server Colocation.

       © IT Direction. All rights reserved.