nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

It's patchin' time for devs using Virtzilla's desktop hypervisors

Get busy for the Critical one, nail the Important one while you are at it

By Simon Sharwood, 15 Mar 2017

Time to patch your desktop hypervisors, folks: VMware Workstation and Fusion have a pair of problems apiece.

The first landed last week in the form of a merely “important” patch for Workstation that fixed a problem whereby loading a .DLL could escalate privileges. Updating to version 12.5.3 sorted that one out.

But you may not need to worry with that update, because VMware has since issued a “critical” advisory, letting us know that “the drag-and-drop (DnD) function in VMware Workstation and Fusion has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.”

There's a mitigation and a fix for this one. The former requires you to merely disable drag-and-drop and cut-and-paste. But seeing as those are very useful ways to get stuff into and out of VMs, The Register's virtualization desk fancies a few of you would rather update to Workstation 12.5.4 and Fusion 8.5.5 and just sort the problem out properly.

VMware's also addressing the Apache Struts 2 bug, offering a workaround for it on vCenter Server. Horizon DaaS, vRealize Operations Manager and vRealize Hyperic server await their fixes/patches. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing