Sunday, February 21, 23:02
Home security VMware: Fixes critical vulnerabilities in Fusion, VMRC and other products

VMware: Fixes critical vulnerabilities in Fusion, VMRC and other products

Η VMware released yesterday one new update security to correct two critical vulnerabilities that allow privilege escalation (escalation of benefits) and denial-of-service (DoS) attacks in VMware Workstation, VMware Fusion, VMware Remote Console and Horizon Client.

The two vulnerabilities are known as CVE-2020-3950 and CVE-2020-3951 and due to improper use of setuid binaries and a heap-overflow problem in Cortado Thinprint.

The vulnerabilities could lead to privilege escalation and DoS attacks

Vulnerability CVE-2020-3950 reported by Jeffball and Rich Mirch. VMware itself stated that the vulnerability is very serious.

This vulnerability affects it VMware Fusion (versions 11.x before 11.5.2), VMware Remote Console for Mac (all versions before 11.0.1) and Horizon Client for Poppy (all versions before 5.4.0).

According to Vmware, successful exploitation of this vulnerability can allow attackers to gain more privileges And to have root access on system with Fusion, VMRC or Horizon Client installed.

On the other hand, the vulnerability that allows denial of service attacks, located at Cortado Thinprint and reported by Dhanesh Kizhakkinan of FireEye. This vulnerability affects them VMware Workstation (versions 15.x before 15.5.2), Windows and Linux apps, as well as the Horizon Client for Windows (all versions before 5.4).

VMware

VMware says the attackers could create a denial of service status on the service Thinprint, which runs on the system where the Workstation or Horizon Client is installed.

To correct the two vulnerabilities, you must receive the updates security, located in the 'Fixed Version' column of 'Resolution Matrix', which is available at VMSA-2020-0005 advisoryory.

Critical Guest-to-Host DoS error was fixed last week

Last week, VMware fixed another critical one use-after-free vmnetdhcp vulnerability on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2). The vulnerability could allow code execution on the host system and DoS attack.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Absent Mia
Absent Miahttps://www.secnews.gr
Being your self, in a world that constantly tries to change you, is your greatest achievement

LIVE NEWS

How to make a Facetime Audio call

Tired of low quality cell phone calls? Thanks to FaceTime, you can make high-resolution calls if you use iPhone, iPad, ...

How to add special effects to Instagram messages

Did you know that you can make instant Instagram messages more impressive? Like any other Instagram feature, you can add special ...

Only 270 addresses are responsible for 55% of all money laundering

Cybercriminals who keep their money in cryptocurrencies tend to "launder" money through a small set of online services, according to ...

Twitter: Voice messages are coming! How do we send them?

Twitter will soon support voice messages in both iOS and Android applications. This means that you will be able to send ...

How to connect a Bluetooth headset to a Nintendo Switch

The Nintendo Switch has a headphone jack. However, most headphones have become wireless so you will need a way to connect them ...

How to hide your phone number in Telegram

If you wish to create a Telegram account, you must provide your telephone number. In this way, Telegram validates the ...

Google Assistant: How can you delete your recordings?

Google Assistant can make your daily life much easier. However, it also involves some privacy issues, as ...

Microsoft: Office 2021 / Office LTSC coming in the second half of 2021

Microsoft announced that the Microsoft Office Long Term Service Channel (LTSC) and Office 2021 will be released in 2021, for ...

How to quickly create QR codes with Bing

If you ever need to create a QR code, but you do not know how, Microsoft has an easy-to-use tool available in any program ...

Brave: Onion addresses leaked to DNS traffic

The Tor function included in the Brave web browser, allows users to access .onion dark web domains within ...