Skip to main content

VMware patches high severity business escalation defect

(Image credit: Image source: Shutterstock/jijomathaidesigners)

Earlier this week, VMware released multiple patches addressing high severity privilege escalation and denial-of-service (DoS) vulnerabilities in a selection of its services.

According to a Bleeping Computer report, VMware fixed flaws in the VMware Workstation, Fusion, VMware Remote Console and Horizon Client. The two flaws in question are being tracked as CVE-2020-3950 and CVE-2020-3951.

The first (CVE-2020-3950) was classified by VMware as “important”, with a severity rating of 7.3.

"Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed," said VMware's security advisory.

"Attackers with non-administrative access to a guest VM with virtual printing enabled may exploit this issue to create a denial-of-service condition of the Thinprint service running on the system where Workstation or Horizon Client is installed."

VMware also recently fixed another critical vulnerability in VMWare Workstation and Fusion tools, which could allow guests to execute code on the host system.

It was said the flaw could allow attackers to create DoS conditions in the vmnetdhcp service. All users are advised to upgrade their VMware Workstation to 15.5.2. immediately.