Headline
Update now: Critical flaw in VMWare Fusion and VMWare Workstation
Categories: News Tags: VMware
Tags: workstation
Tags: fusion
Tags: virtual machine
Tags: SCSI
Tags: DVD
Tags: CD
Tags: virtualisation
Tags: exploit
Tags: vulnerability
Tags: flaw
Tags: CVE
VMWare has released fixes and mitigations for three Important and one Critical vulnerability in its Fusion and Workstation software.
(Read more…)
The post Update now: Critical flaw in VMWare Fusion and VMWare Workstation appeared first on Malwarebytes Labs.
Four vulnerabilities in virtualisation software have been fixed by VMware, including two which were exploited at the 20223 Pwn2Own contest. Three have been given the severity rating “Important”, with the last (CVE-2023-20869) is classed as “Critical”.
Success! @starlabs_sg used an uninitialized variable and UAF against VMWare Workstation. They earn $80,000 and 8 Master of Pwn points, pushing the prize total for #P2OVancouver past $1,000,000. #Pwn2Own pic.twitter.com/DEjgYcmphH
— Zero Day Initiative (@thezdi) March 24, 2023
The four vulnerabilities are:
- CVE-2023-20869 is “Critical” flaw that affects Fusion and Workstation. It is a stack-based buffer overflow issue in the functionality for sharing host Bluetooth devices with the virtual machine. As per the advisory, “A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host.” Needless to say, guest VMs are not supposed to be able to make the host machines they’re running on do things.
- CVE-2023-20870 is an “Important” flaw that affects Fusion and Workstation. It’s another issue in the functionality for sharing host Bluetooth devices, but with this one an attacker can potentially read privileged information stored in the virtual machine’s hypervisor memory.
- CVE-2023-20871 is an “Important” flaw that only affects Fusion. It allows an attacker who has read / write access to the host operating system to elevate their privileges to gain root access to the host operating system.
- CVE-2023-20872 is an “Important” flaw that affects Fusion and Workstation. It allows virtual machines with a physical CD/DVD drive attached to execute code on the hypervisor, if the drive is configured to use a virtual SCSI controller.
Workarounds and updates
All four issues can be addressed by updating to the latest version of the affected software. At the time of writing these are VMware Fusion 13.0.2 and VMware Workstation 17.0.2. Workarounds are available for CVE-2023-20869, CVE-2023-20870, and CVE-2023-20872.
CVE-2023-20869 and CVE-2023-20870 can be mitigated by turning off Bluetooth support by unchecking the “Share Bluetooth devices with the virtual machine” option. The relevant support documents for each product are VMware Workstation Pro, VMware Workstation Player, and VMware Fusion.
CVE-2023-20872 can be mitigated by removing the CD/DVD device from the virtual machine. Alternatively, you can configure the virtual machine so that it does not use a virtual SCSI controller. After shutting down the virtual machine, the steps are:
To remove the CD/DVD device in VMWare Workstation:
- Select VM > Settings
- Click the Hardware tab
- Select the CD/DVD and click Remove
To remove the CD/DVD device in VMWare Fusion:
- Select a virtual machine in the Virtual Machine Library window
- Click on Virtual Machine menu
- Click Settings
- Under Removable Devices in the Settings window, select CD/DVD > Advanced Options > Remove CD/DVD Drive.
To configure VMWare Workstation not to use a virtual SCSI controller:
- Select VM > Settings
- Click the Hardware tab
- Select the CD/DVD > Advanced > CD/DVD Advanced Settings > Virtual device node
- You can configure the Bus type
To configure VMWare Fusion not to use a virtual SCSI controller:
- Select a virtual machine in the Virtual Machine Library window
- Click on Virtual Machine menu
- Click on Settings
- Under Removable Devices in the Settings window, Select CD/DVD > Advanced options > Bus type
- You can configure the Bus type.
Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.
TRY NOW
Related news
VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.
By Habiba Rashid At the time of writing, all reported fake repositories have been taken down and the malicious PoC has been removed from GitHub. This is a post from HackRead.com Read the original post: Fake GitHub Repos Caught Dropping Malware as PoCs AGAIN!
In a sign that cybersecurity researchers continue to be under the radar of malicious actors, a proof-of-concept (PoC) has been discovered on GitHub, concealing a backdoor with a "crafty" persistence method. "In this instance, the PoC is a wolf in sheep's clothing, harboring malicious intent under the guise of a harmless learning tool," Uptycs researchers Nischay Hegde and Siddartha Malladi said.
VMware has released updates to resolve multiple security flaws impacting its Workstation and Fusion software, the most critical of which could allow a local attacker to achieve code execution. The vulnerability, tracked as CVE-2023-20869 (CVSS score: 9.3), is described as a stack-based buffer-overflow vulnerability that resides in the functionality for sharing host Bluetooth devices with the
VMware has released updates to resolve multiple security flaws impacting its Workstation and Fusion software, the most critical of which could allow a local attacker to achieve code execution. The vulnerability, tracked as CVE-2023-20869 (CVSS score: 9.3), is described as a stack-based buffer-overflow vulnerability that resides in the functionality for sharing host Bluetooth devices with the
VMware has released updates to resolve multiple security flaws impacting its Workstation and Fusion software, the most critical of which could allow a local attacker to achieve code execution. The vulnerability, tracked as CVE-2023-20869 (CVSS score: 9.3), is described as a stack-based buffer-overflow vulnerability that resides in the functionality for sharing host Bluetooth devices with the
VMware has released updates to resolve multiple security flaws impacting its Workstation and Fusion software, the most critical of which could allow a local attacker to achieve code execution. The vulnerability, tracked as CVE-2023-20869 (CVSS score: 9.3), is described as a stack-based buffer-overflow vulnerability that resides in the functionality for sharing host Bluetooth devices with the
VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation.
VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation.
VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation.
VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation.