VMware patches vulnerability with Windows XP, 2003 guests

VMware patches vulnerability with Windows XP, 2003 guests

Summary: When running under VMware Workstation, Fusion, ESX or ESXi hypervisors, old versions of Windows are vulnerable to privilege escalation.

SHARE:

VMware has issued an update for several of their hypervisor products to address a privilege escalation vulnerability when running Windows XP, Windows Server 2003 and older versions of Windows as a guest operating system.

The products are VMware WorkstationVMware Fusion and VMware ESXi and ESX. The vector for the attack is a VMware device driver LGTOSYNC.SYS. The file properties for this driver describe it as "VMware/Legato Sync Driver."

The hypervisor itself is not exploitable through this vulnerability, but an unprivileged Windows process could elevate privilege under Windows. Presumably it could attain the privileges under which LGTOSYNC.SYS runs, but the advisory does not specify what level this is.

Updated versions may be downloaded at these pages:

Topics: Security, Virtualization, VMware

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion