VMware has released a patch for a security vulnerability in its ESX, Workstation, Fusion and View virtualisation software.
The patch fixes a flaw that could be exploited to escalate a user's privileges on a host or guest machine running Windows. Privilege escalation exploits make it possible for an application or user to perform actions within a system they would not normally have permission to carry out.
The release addresses a vulnerability in the handling of control code in vmci.sys. The flaw allows a malicious local user to use the Virtual Machine Communication Interface code to manipulate memory allocation.
More information on the vulnerability and the patch is available in VMware's security advisory.