Incident Response, Patch/Configuration Management, TDR, Vulnerability Management

VMware patches five holes in ESX Server

Virtualization software maker VMware on Friday issued fixes for five vulnerabilities in its ESX Server.

The bugs could be exploited to expose sensitive information, bypass security controls or launch a denial-of-service attack, according to vulnerability tracking firm Secunia, which ranked the flaws "moderately critical."

The holes affect the hypervisor-based ESX Server versions 2 and 3.

In September, VMware issued a patch release to correct 13 "highly critical" flaws in the ESX Server. The product allows multiple virtual machines to run on the same physical server.

News of the vulnerabilities come one day after public reports said VMware soon plans to unveil a security initiative -- called VMSafe -- whose goal is to protect machines running on the company's virtualization software. VMware plans to partner with a number of large IT security players -- including Symantec, McAfee and IBM Internet Security Systems -- on the undertaking.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.