The Channel logo


By | John Leyden 24th September 2007 14:57

VMware updates take aim at bug swarm

Flaw filler

Wall Street darling VMware released patches that address multiple vulnerabilities in its products this week.

The virtualisation firm, which recently went public, issued updates to fix bugs in various versions of VMware ACE, VMware Player, VMware Server and VMware Workstation.

The flaws range in severity, with some allowing malicious users to crash vulnerable systems or local users to gain escalated privileges, while others enable hackers to inject malicious code into vulnerable systems.

Security notification firm Secunia has a summary of the update here. Credit for discovering the bugs goes to security researchers at ISS, McAfee, and Foundstone.

A more detailed summary of the bugs can be found on a posting by VMWare on a full disclosure mailing list here.

Many of the updates address vulnerabilities in underlying third-party code that have been known about for some time, the SANS Institute's Internet Storm Centre (ISC) notes. The increased use of virtualisation in corporate data centres and elsewhere has raised the profile of the technology.

Handlers at the ISC describe how the technology is showing signs of becoming a battleground between security researchers and crackers, as well as outlining a possible response, in a thought-provoking posting here. ®

comment icon Read 1 comment on this article alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe