Virtualization software specialist VMware has shipped a batch of "critical" security updates to cover gaping holes in a wide range of its server and workstation products.
An advisory from VMware lists a total of 20 different vulnerabilities affecting all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE and VMware Player.
The company warned that attackers can exploit these bugs to launch code execution or denial-of-service attacks. In certain scenarios, a successful exploit would allow an attacker to escape from a guest system in a VM or shut down processes on the host.
[SEE: VMware buys Determina ]
This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, perform certain actions with escalated privileges, or to cause a DoS (Denial of Service), by malicious users to bypass certain security restrictions, and by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
Download locations for product patches are available in the VMware advisory.