Patch/Configuration Management, Vulnerability Management

VMware issues updates to address host privilege escalation vulnerability

VMware Workstation, VMware Player and VMware Horizon View Client for Windows have received updates that address a host privilege escalation vulnerability – CVE-2015-3650.

According to a Thursday advisory, VMware Workstation should be updated to 11.1.1 or 10.0.7, VMware Player should be updated to 7.1.1 or 6.0.7, and VMware Horizon Client for Windows with Local Mode Option should be updated to 5.4.2. All updates are for products running on Windows.

“VMware Workstation, Player and Horizon View Client for Windows do not set a discretionary access control list (DACL) for one of their processes,” the advisory said. “This may allow a local attacker to elevate their privileges and execute code in the security context of the affected process.”

VMware credits Kyriakos Economou, a vulnerability researcher with security firm Nettitude, with identifying the issue.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.