VMware Patches Security Flaw in ESX, Workstation, Fusion and View
Derek Soeder of Cylance and Kostya Kortchinsky of Microsoft are credited with uncovering the vulnerability.
"VMware ESX, Workstation, Fusion, and View contain a vulnerability in the handling of control code in vmci.sys," the company stated in a security advisory. "A local malicious user may exploit this vulnerability to manipulate the memory allocation through the Virtual Machine Communication Interface (VMCI) code. This could result in a privilege escalation on Windows-based hosts and on Windows-based Guest Operating Systems."
"The hyper-sized virtualisation company wasn't terribly clear about just how much risk the flaw exposes you to, or quite how badly you might get owned as a result," writes Sophos' Paul Ducklin.
"But it does not appear to be a hypervisor escape bug: that is, it may not be possible to exploit the hole to leap from a guest into the host environment and thus attack the server running the virtual machines," writes The Register's John Leyden. "VMware's VMCI driver is present in the host and guest Windows operating systems and, presumably, this latest vulnerability allows a user local to the guest or host to ramp up their access rights within their respective guest or host environment."