Home > Blogs > VMware Security & Compliance Blog

New VMware Security Advisory VMSA-2018-0013

Today, VMware has released the following new security advisory:

VMSA-2018-0013VMware Workstation and Fusion updates address signature bypass and multiple denial-of-service vulnerabilities

This documents the remediation of an important severity issue (CVE-2018-6962) in VMware Fusion and moderate severity issues (CVE-2018-6963) in VMware Workstation and Fusion.

Issue (a) CVE-2018-6962 is signature bypass vulnerability which may lead to a local privilege escalation. This issue has been addressed in VMware Fusion 10.1.2.

Issue (b) CVE-2018-6963 is multiple denial-of-service vulnerabilities in the RPC handler. Exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-service of their guest machine. These issue have been addressed in VMware Workstation 14.1.2 and Fusion 10.1.2.

We would like to thank CodeColorist of AntFinancial LightYear Security Labs, Hahna Latonick and Kevin Fujimoto working with Trend Micro’s Zero Day Initiative, and Bruno Botelho (@utxsec) for reporting these issues to us.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisories and direct any questions to VMware Support.

VMSA-2018-0012

Greetings from the VMware Security Response Center!

Today we released VMSA-2018-0012 which documents Hypervisor-Assisted Guest Mitigations for CVE-2018-3639 (Speculative Store Bypass). In addition CVE-2018-3640 (Rogue System Register Read) was also disclosed today.

We thought a few points and a documentation summary would be in order to help sum up what this issue means for VMware products:

CVE-2018-3639

The issue requires Hypervisor-Assisted Guest Mitigations for vSphere to pass the new Speculative-Store-Bypass-Disable (SSBD) control bit to guest operating systems, it has been classified as Moderate severity. ESXi and vCenter updates will be required.
Microcode containing the SSBD control bits are not yet available from 3rd parties so vSphere patches are on hold for now.
Workstation/Fusion patches shipped today will support SSBD when microcode patches are available.
This issue affects applications and/or execution runtimes which rely on managed code security mechanisms. Applications which consume untrusted data and rely on these mechanisms are at risk.
Operating System-Specific Mitigations are required as well, but we have not found any VMware appliances which would be affected by this issue. Regardless, we will be updating applicable open-source software in upcoming maintenance releases as a precautionary measure.

CVE-2018-3640

This issue led to a 4th speculative execution category which we have called Microcode Mitigations.
This issue is resolved by a microcode update and does not require any code changes for VMware products. Please contact your hardware vendor for information on mitigations for this vulnerability.

Based on current evaluations, we do not believe that CVE-2018-3639 or CVE-2018-3640 could allow for VM to VM or Hypervisor to VM Information disclosure. Thus, Hypervisor-Specific Mitigations are not required.

Documentation Summary:

Advisory: VMSA-2018-0012
Source of Truth KB: KB54951
Patching/Upgrade Guide: KB55111
Performance Info: KB55210

Customers should review the available documentation and direct questions to VMware Support.

NVIDIA GPU Display Driver Security Updates for Multiple Vulnerabilities

Greetings from the VMware Response Center!

Today we wanted to make you aware that NVIDIA has released a security bulletin entitled NVIDIA GPU Display Driver Security Updates for Multiple Vulnerabilities which details some NVIDIA GPU Display Driver Vulnerabilities and remediation.

CVE-2018-6251 and CVE-2018-6253 have been shown to affect VMware Workstation, but they are not something that we can fully resolve from our end. Therefore, we wanted to make sure you were informed of these issues so that they can be appropriately resolved. In addition, enterprise customers should check the NVIDIA Enterprise Dashboard for additional information.

Customers should review the available documentation and direct technical inquiries to VMware Support for further assistance.

New VMware Security Advisory VMSA-2018-0010

Today VMware has released the following new security advisory:

VMSA-2018-0010Horizon DaaS update addresses a broken authentication issue

This documents the remediation of a moderate severity issue (CVE-2018-6960) in VMware Horizon DaaS that may allow an attacker to bypass two-factor authentication. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.

All VMware Horizon DaaS 7.x versions are affected. This issue has been addressed in VMware Horizon DaaS 8.0.0.

We would like to thank Peter Ivezaj, President – Digital Upkeep for reporting this issue to us.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisories and direct any questions to VMware Support.

New VMware Security Advisory VMSA-2018-0009

Today VMware has released the following new security advisory:

VMSA-2018-0009  – vRealize Automation (vRA) updates address multiple security issues

This documents the remediation of Important and Moderate severity issues (CVE-2018-6958  and CVE-2018-6959).

Issue (a)  CVE-2018-6958 is a DOM-based cross-site scripting (XSS) vulnerability. Exploitation of this issue may lead to the compromise of the vRA user’s workstation.

Issue (b) CVE-2018-6959 is a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user’s session.

vRealize Automation 7.3.1 and 7.4.0 provide remediations for these vulnerabilities.

VMware would like to thank Oliver Matula and Benjamin Schwendemann of ERNW Enno Rey Netzwerke GmbH for reporting these issues to us.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisories and direct any questions to VMware Support.

VMSA-2018-0004.3

Greetings from the VMware Security Response Center!

It’s time.

Today we released VMSA-2018-0004.3 which documents Hypervisor-Assisted Guest Mitigations for CVE-2017-5715 (Spectre-2).

We thought it would be a good idea to quickly link all of the documentation which has undergone a major change. For newcomers, please familiarize yourself by reading through KB52245 first to get a strong understanding of the various categories of mitigations that VMware has provided.

Major Updates:

Updated Advisory: VMSA-2018-0004.3
Top-level KB: 52245
Patching/Upgrade Guide: 52085
Performance Info: 52337
Intel microcode sightings: 52345

Customers should review the available documentation and direct questions to VMware Support.

New VMware Security Advisory VMSA-2018-0008

Today, VMware has released the following new security advisory:

VMSA-2018-0008Workstation and Fusion updates address a denial-of-service vulnerability

This documents the remediation of an Important severity denial-of-service vulnerability (CVE-2018-6957) affecting VMware Workstation and Fusion. This issue can be triggered by opening a large number of VNC sessions.  In order for exploitation to be possible, VNC must be manually enabled on Workstation and Fusion.

VMware Workstation 14.1.1 and Fusion 10.1.1 fix this issue. Workaround KB52934 is available for VMware Workstation 12.x and Fusion 8.x.

We would like to thank Lilith Wyatt of Cisco Talos for reporting this issue to us.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisories and direct any questions to VMware Support.

VMSA-2018-0007.1 – VMware Virtual Appliance updates address side-channel analysis due to speculative execution

I’d like to apologize for the previous blog post, this was an old draft that was later revised. The following is the message we intended to send:

Greetings from the VMware Security Response Center!

We thought we should post an explanation of today’s changes to VMSA-2018-0007 as we have split the the advisory into 2 sections:

a. This section now covers CVE-2017-5753 (Spectre-1), and CVE-2017-5754 (Meltdown) specifically.

b. This section is now devoted to CVE-2017-5715 (Spectre-2).

The reason we have done this is to clarify which of these issues have been mitigated against currently known variants of the different vulnerabilities. Because Meltdown is considered by some to be the most severe/exploitable of the issues, we did not want to wait for complete Spectre-2 mitigations while Spectre-1/Meltdown fixes were ready to ship. We also understand that some customers may want to delay updating until all mitigations are in place. While we strongly recommend taking updates as soon as they become available, we wanted to be transparent about the fact that more updates are on the way.

VMware appliances listed in this advisory are shipping on either Novell SLES or VMware Photon OS. As a result, the mitigations provided for CVE-2017-5715 (Spectre-2) may vary when first released.

Products will be enumerated in section b. when either of the following requirements are met:

1. IBPB/IBRS is supported.
2. Retpoline is supported.

Because this is an ongoing issue, VMware appliances will continue to accept improved open source mitigations as they are created.

VMware Security Advisory VMSA-2018-0007

Today VMware has released the following new and updated security advisories:

VMSA-2018-0007

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisories and direct any questions to VMware Support.

VMware Security Advisory VMSA-2018-0006

Today VMware has released the following new and updated security advisories:

VMSA-2018-0006 – vRealize Automation, vSphere Integrated Containers, and AirWatch Console updates address multiple security vulnerabilities

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisories and direct any questions to VMware Support.