Security Alert (A18-03-05): Vulnerability in VMware Products
19 March 2018
VMware has published a security advisory to address a vulnerability found in VMware Workstation version 12.x and 14.x, as well as VMWare Fusion version 8.x and 10.x. With virtual network computing (VNC) feature enabled on affected systems, an attacker could remotely exploit the vulnerabilities by opening large number of VNC sessions. The proof-of-concept exploit code is available on the Internet.
VMware Workstation version 12.x, 14.x
VMware Fusion version 8.x, 10.x
Successful exploitation of the vulnerability could lead to denial-of-service condition on an affected system.
The product vendor has released new versions, as well as workarounds, to address the issue at the vendor's website:
VMware Workstation Pro 14.1.1 https://www.vmware.com/go/downloadworkstation
VMware Workstation Player 14.1.1 https://www.vmware.com/go/downloadplayer
VMware Fusion Pro / Fusion 10.1.1 https://www.vmware.com/go/downloadfusion
Workarounds for VMware Workstation 12.x and Fusion 8.x https://kb.vmware.com/s/article/52934
System administrators may contact their product support vendors for the fixes and assistance.