VMware Security Advisory VMSA-2018-0003

VMware has released a new security advisory: VMSA-2018-0003 – vRealize Operations for Horizon, vRealize Operations for Published Applications, Workstation, Horizon View Client and Tools updates resolve multiple security vulnerabilities.

This advisory documents the remediation of three important issues: a privilege escalation vulnerability that affects vRealize Operations for Horizon (V4H) and vRealize Operations for Published Applications (V4PA) agents, an out-of-bounds read issue that occurs via Cortado ThinPrint and affects Workstation and Horizon View Client, and a guest access control vulnerability which affects Workstation and Fusion.

VMSA-2018-0003 – V4H and V4PA desktop agent privilege escalation vulnerability

CVE-2017-4946 – vRealize Operations for Horizon (V4H) and vRealize Operations for Published Applications (V4PA) desktop agents contain a privilege escalation vulnerability. Successful exploitation of this vulnerability would allow a low-privileged Windows user to escalate their privileges to SYSTEM.

Affected products and versions:

  • vRealize Operations for Horizon (V4H) 6.x – update to 6.5.1
  • vRealize Operations for Published Applications (V4PA) 6.x – update to 6.5.1

VMSA-2018-0003 – Out-of-bounds read issue via Cortado ThinPrint 

CVE-2017-4948 – VMware Workstation and Horizon View Client contain an out-of-bounds read vulnerability in TPView.dll. This issue may allow a Workstation guest or a View Desktop to leak information from the host, or may allow for a Denial of Service on the Windows OS that runs Workstation/Horizon View Client. Exploitation is only possible if virtual printing has been enabled (enabled by default on Horizon View, disabled by default in Workstation).

Affected products and versions:

  • Horizon View Client for Windows 4.x – update to 4.7.0
  • Workstation 12.x running on Windows – no patch planned
  • Workstation 14.x running on Windows – update to 14.1.0

Workstation 12.x and 14.x running on Linux are not affected by this vulnerability.

VMSA-2018-0003 – Workstation and Fusion Guest access control vulnerability 

CVE-2017-4945 – VMware Workstation and Fusion contain a guest access control vulnerability. Successful exploitation of this vulnerability may allow program execution via Unity on locked Windows VMs.

Affected products and versions:

  • Workstation 12.x – no patch planned
  • Workstation 14.x – update VMware Tools to 10.2.0
  • Fusion 8.x – no patch planned
  • Fusion 10.x – update VMware Tools to 10.2.0

Happy patching!

You can check reports on other VMware vulnerabilities on my page dedicated to Security Advisories.

Constantin Ghioc

I usually play with vSphere API, Ansible, vRealize Automation, vRealize Orchestrator, and different AWS tools. In my other life I’m a husband and a father, an amateur photographer and a Go enthusiast.
