VMware has released a new security advisory: VMSA-2018-0003 – vRealize Operations for Horizon, vRealize Operations for Published Applications, Workstation, Horizon View Client and Tools updates resolve multiple security vulnerabilities.
This advisory documents the remediation of three important issues: a privilege escalation vulnerability that affects vRealize Operations for Horizon (V4H) and vRealize Operations for Published Applications (V4PA) agents, an out-of-bounds read issue that occurs via Cortado ThinPrint and affects Workstation and Horizon View Client, and a guest access control vulnerability which affects Workstation and Fusion.
VMSA-2018-0003 – V4H and V4PA desktop agent privilege escalation vulnerability
CVE-2017-4946 – vRealize Operations for Horizon (V4H) and vRealize Operations for Published Applications (V4PA) desktop agents contain a privilege escalation vulnerability. A successful exploitation of this vulnerability would result in a low privileged windows user escalating their privileges to SYSTEM.
Affected products and versions:
- vRealize Operations for Horizon (V4H) 6.x – update to 6.5.1
- vRealize Operations for Published Applications (V4PA) 6.x – update to 6.5.1
VMSA-2018-0003 – Out-of-bounds read issue via Cortado ThinPrint
CVE-2017-4948 – VMware Workstation and Horizon View Client contain an out-of-bounds read vulnerability in TPView.dll. This issue may allow a Workstation guest or a View Desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation/Horizon View Client. Exploitation is only possible if virtual printing has been enabled (enabled by default on Horizon View, disabled by default in Workstation).
Affected products and versions:
- Horizon View Client for Windows 4.x – update to 4.7.0
- Workstation 12.x running on Windows – no patch planned
- Workstation 14.x running on Windows – update to 14.1.0
Workstation 12.x and 14.x running on Linux are not affected by this vulnerability.
VMSA-2018-0003 – Workstation and Fusion Guest access control vulnerability
CVE-2017-4945 – VMware Workstation and Fusion contain a guest access control vulnerability. A successfull exploitation of this vulnerability may allow program execution via Unity on locked Windows VMs.
Affected products and versions:
- Workstation 12.x – no patch planned
- Workstation 14.x – update VMware Tools to 10.2.0
- Fusion 8.x – no patch planned
- Fusion 10.x – update VMware Tools to 10.2.0
Happy patching!
You can check reports on other VMware vulnerabilities in my page dedicated to Security Advisories.
