Home » News » Security Advisory Released by VMware

Dated: July 9, 2015

Description
VMware has released security updates for VMware Workstation, Player and Horizon View Client for Windows that address a host privilege escalation vulnerability. VMware Workstation, Player and Horizon View Client for Windows do not set a discretionary access control list (DACL) for one of their processes. This may allow a local attacker to elevate their privileges and execute code in the security context of the affected process.

Available Updates

  • VMware Workstation 11.1.1
  • VMware Workstation 10.0.7
  • VMware Player 7.1.1
  • VMware Player 6.0.7
  • VMware Horizon Client for Windows (with Local Mode Option) 5.4.2

Recommendations
NUST CSIRT encourage Users and Administrators to review the patch/release notes for their product and version and verify the checksum of the downloaded file.

References
[1]. http://www.vmware.com/security/advisories/VMSA-2015-0005.html
[2]. https://www.vmware.com/go/downloadworkstation
[3]. https://www.vmware.com/go/downloadplayer
[4]. https://www.vmware.com/go/viewclients