VMware issues 'critical' security alert

By Shaun Nichols on Feb 27, 2008 7:03AM
Add techpartner.news As Your Trusted Source
VMware issues 'critical' security alert
The issue exists in a shared folders feature which allows guest access to files.

An advisory released by the company warned that an attacker with access to a guest folder could exploit the vulnerability to gain complete access to the machine running VMware.

The attacker would also have the ability to run code, allowing for the remote installation and execution of malware.

The vulnerability affects the Windows versions of VMware Workstation 6.0.2 and earlier versions, Player 2.0.2 and earlier and ACE 2.0.2 and earlier. VMWare Server, ESX Server or any Mac or Linux VMWare products are not affected.

The company credited security firm Core Security Technologies with discovering the flaw.

Sans researcher Raul Siles pointed out that the flaw could pose the greatest danger to the very people who fight malware.

"The impact on production environments is supposed to be limited as they tend to use the server versions," Siles wrote on a company blog.

"However, as security professionals, we make extensive use of virtualisation technologies for malware analysis, incident response, forensics, security testing, training etc, and we typically use the client versions of the products. "

There is no fix for the flaw currently available. VMware urged users to protect against the attack by disabling the shared folders feature.

VMware Security Alert: Critical VMware Security Alert for Windows-Hosted VMware Workstation, VMware Player, and VMware ACE

Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk

Add techpartner.news as your trusted source

Add techpartner.news As Your Trusted Source
Tags:
alert critical issues security vmware

Partner Content

Have ticket queues become your quiet business risk?
Have ticket queues become your quiet business risk?
Fabric workshops help partners tap into data services demand growth.
Fabric workshops help partners tap into data services demand growth.
Why Australia’s Industrial Leaders Are Turning to Dynamic Aspect for Dynamics 365 Business Central
Why Australia’s Industrial Leaders Are Turning to Dynamic Aspect for Dynamics 365 Business Central
AI PCs shift from hype to revenue opportunity for partners
AI PCs shift from hype to revenue opportunity for partners
Shortfalls in cyber expertise deepen the cost and complexity of security incidents
Shortfalls in cyber expertise deepen the cost and complexity of security incidents

Sponsored Whitepapers

Transform how you provision and deliver security and backup—on one platform
Transform how you provision and deliver security and backup—on one platform
Protect the data your business relies on
Protect the data your business relies on
Cut through the SASE confusion
Cut through the SASE confusion
Stay protected as cyber threats evolve
Stay protected as cyber threats evolve
Defend Your Network from the Next Generation of AI Threats
Defend Your Network from the Next Generation of AI Threats

Events

Pipeline 2026: Game Changers
Pipeline 2026: Game Changers
Channel Meets: Security - Gold Coast
Channel Meets: Security - Gold Coast
techpartner.news MSP index - Brisbane
techpartner.news MSP index - Brisbane
techpartner.news Winter Ball featuring the 2026 Impact Awards
techpartner.news Winter Ball featuring the 2026 Impact Awards

Most read articles

SentinelOne signs distribution agreement with Sektor

SentinelOne signs distribution agreement with Sektor
Bluechip Infotech enters final stage of Goodson Imports acquisition

Bluechip Infotech enters final stage of Goodson Imports acquisition
HamiltonJet partners with digital services provider Fortude

HamiltonJet partners with digital services provider Fortude
Why Kat McCrabb started with the hard stuff

Why Kat McCrabb started with the hard stuff

Log in

Email:
Password:
  |  Forgot your password?