Wall Street darling VMware released patches that address multiple vulnerabilities in its products this week.

The virtualisation firm, which recently went public, issued updates to fix bugs in various versions of VMware ACE, VMware Player, VMware Server and VMware Workstation.

The flaws range in severity, with some allowing malicious users to crash vulnerable systems or local users to gain escalated privileges, while others enable hackers to inject malicious code into vulnerable systems.

Security notification firm Secunia has a summary of the update here. Credit for discovering the bugs goes to security researchers at ISS, McAfee, and Foundstone.

A more detailed summary of the bugs can be found on a posting by VMWare on a full disclosure mailing list here.

Many of the updates address vulnerabilities in underlying third-party code that have been known about for some time, the SANS Institute's Internet Storm Centre (ISC) notes. The increased use of virtualisation in corporate data centres and elsewhere has raised the profile of the technology.

Handlers at the ISC describe how the technology is showing signs of becoming a battleground between security researchers and crackers, as well as outlining a possible response, in a thought-provoking posting here. ®

Related stories

VMware opens its products to security apps (28 February 2008)
VMWare update lances virtual bugs (22 February 2008)
EMC shares ride VMware madness (25 October 2007)
VMware makes storage fluid (8 October 2007)
VMware opens certification program to storage vendors (28 September 2007)
Sun to virtualize boxes, storage and NICs with 'Project Virginia' (18 September 2007)
Acronis grabs virtual servers by their backups (17 September 2007)
Virtualization standards becoming a reality (13 September 2007)
Canonical and VMware team on mini-Ubuntu (13 September 2007)
VMware's 'Calista Flockhart' hypervisor may or may not change the world (11 September 2007)
Virtualisation gets trendy (6 June 2007)