VMware patch batch fixes 20 security flaws

Summary:VMware patches a total of 20 different vulnerabilities affecting all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE and VMware Player.

VMWare patch binge
Virtualization software specialist VMware has shipped a batch of "critical" security updates to cover gaping holes in a wide range of its server and workstation products.

An advisory from VMware lists a total of 20 different vulnerabilities affecting all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE and VMware Player.

The company warned that attackers can exploit these bugs to launch code execution or denial-of-service attacks. In certain scenarios, a successful exploit would allow an attacker to escape from a guest system in a VM or shut down processes on the host.

[SEE: VMware buys Determina ]

Secunia rates the patch batch as "moderately critical" but issued a separate alert for the VMware ESX Server issue which carries a "highly critical" rating:

This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, perform certain actions with escalated privileges, or to cause a DoS (Denial of Service), by malicious users to bypass certain security restrictions, and by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

Download locations for product patches are available in the VMware advisory.

Topics: Security, VMWare

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.