On June 3 and May 29, VMware released patches for security issues in VMware ESX(i) and VMware Workstation, Player, ACE, Server, Fusion, and Server. The issues range from denial of service to code execution on the host system from the guest system. You are advised to review the new security advisories, VMSA-2008-0008 and VMSA-2008-0009, and the updated advisory VMSA-2008-0007 and deploy the patches and new binaries per your security policy.

We like to draw your attention to a special situation with one of the patches listed in VMSA-2008-0009. Installing the new hosted release or the ESX patches alone will not remediate the VMware Tool Privilege Escalation issue.  To fix this issue, the VMware Tools packages will need to be updated on each guest operating system followed by a reboot. This issue affects Windows-based guest operating systems only.

As always, we welcome your comments and questions at security@vmware.com (PGP key).