VMware released security patches to fix vulnerabilities in the USB controllers of various hypervisors, including ESXi, Workstation, Fusion, and Cloud Foundation. These vulnerabilities could allow attackers to execute malicious code on the host system, bypassing the isolation layer. Previous exploits in VM products have been used by attacker groups to deploy ransomware. The security patches address two use-after-free memory vulnerabilities in UHCI and XHCI USB controllers, rated 9.3 out of 10 on the CVSS severity scale. A third vulnerability permits attackers to break out of the VMX sandbox, while a fourth vulnerability allows information disclosure.
VMware recommends applying the patches promptly or removing the USB controller from virtual machines as a temporary workaround. However, this workaround may impact the virtual machine’s console functionality, as some operating systems require USB for keyboard and mouse access. VMware also suggests removing unnecessary devices like USB controllers as part of security hardening guidelines. Patches are available for supported versions of affected products, with additional patches provided for older versions under extended support contracts.
Users are advised to stay vigilant, as attackers have shown interest in exploiting vulnerabilities in virtual machines and VMware products in the past. Although VMware is not aware of any active exploitation of these vulnerabilities, the possibility of exploits emerging soon cannot be ruled out. Implementing security measures and deploying patches promptly can mitigate the risk of potential attacks on virtualized systems.
Article Source
https://www.csoonline.com/article/1312309/VMware-patches-critical-flaws-that-could-allow-attackers-to-escape-vms.html/amp/
