VMware patches privilege escalation vulnerability

The virtualisation specialist releases an update to address a flaw in its ESX, Workstation, Fusion and View software.

VMware has released a patch for a security vulnerability in its ESX, Workstation, Fusion and View virtualisation software.

The patch fixes a flaw that could be exploited to escalate a user's privileges on a host or guest machine running Windows. Privilege escalation exploits make it possible for an application or user to perform actions within a system they would not normally have permission to carry out.

The release addresses a vulnerability in the handling of control code in vmci.sys. The flaw allows a malicious local user to use the Virtual Machine Communication Interface code to manipulate memory allocation.

More information on the vulnerability and the patch is available in VMware's security advisory.