1.0 Introduction
Recently, VMware released a security advisory addressing three zero-day vulnerabilities across multiple VMware products in VMware ESXi, Workstation, and Fusion.
2.0 Impact
A cyber threat actor with admin privileges could exploit these vulnerabilities to gain code execution on the virtual-machine executable (VMX) process, cause the VMX process to leak contents from memory, and exploit these vulnerabilities through VMX process to escape the sandbox.
3.0 Affected Products
- VMware ESXi
- VMware Workstation Pro / Player (Workstation)
- VMware Fusion
- VMware Cloud Foundation
- VMware Telco Cloud Platform
4.0 Recommendations
CyberSecurity Malaysia encourages users and administrators to review the
VMware Advisories
and apply the necessary updates.
Kindly refer to the following URL: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390
Generally, we advise users to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact Cyber999 Incident Response Centre through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 -17:3the 0 MYT
Web:
https://www.mycert.org.my
5.0 References