
Monthly Archives: November 2013

New VMware Security Advisory VMSA-2013-0013

Today VMware has released the following new advisory:


The advisory documents CVE-2013-5972 “VMware Workstation host privilege escalation vulnerability” which is also known as “slamware”.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisory and direct any questions to VMware Support.

VMware CP&C releases vSphere 5.5 Compliance Checker!

The VMware Center for Policy and Compliance (CP&C) team is pleased to announce the general availability of the VMware vSphere 5.5 Compliance Checker – an excellent FREE tool to get you started with compliance assessment of your virtual infrastructure against the vSphere 5.5 Hardening Guide.

The tool can be downloaded here.

You can use this tool for vSphere 5.0, 5.1 and 5.5.

While these simple Compliance Checkers provide some basic functionality and benefits, VMware also offers VMware vCenter Configuration Manager, which automates configuration and compliance management across your virtual, physical and cloud environments, assessing them for operational and security compliance. It comes with capabilities such as compliance management, change management, patch management, software inventory management and other useful features.

vCenter Configuration Manager is a component of VMware vCenter Operations Management Suite, which helps you manage the performance, capacity and configuration of your virtual and physical infrastructure.

So, what are you waiting for? Grab these checkers quickly and roll on the compliance!

Come, join the journey to Start Green Stay Green!

Thanks and regards,
Pravin Goyal

VMware CP&C releases Microsoft Security Advisory 2896666 toolkit for VCM!

The VMware Center for Policy & Compliance (CP&C) is pleased to announce the availability of the Microsoft Security Advisory 2896666 toolkit for VMware vCenter Configuration Manager (VCM), a key component in the VMware vCenter Operations Suite for all Windows platforms. The toolkit verifies that the TIFF codec is disabled within the operating system, thus eliminating the possibility of the system being vulnerable. For detailed information on Microsoft Security Advisory 2896666, go to http://technet.microsoft.com/en-us/security/advisory/2896666.


vSphere Security Blog Update


Those of you that follow the vSphere Security blog are probably wondering why there hasn’t been much information posted here. I have been posting in the vSphere Blog in order to get more eyes on the security messaging of vSphere. I would encourage you to follow me there or at @vSphereSecurity on Twitter for more frequent updates.

Please note that the big news is the release of the vSphere 5.5 Hardening Guide. This release comes less than 3 weeks after the general availability of vSphere 5.5. If you have input into future hardening guide releases, please don’t hesitate to contact me!

Here’s a list of a few of the more recent items that I’ve posted in case you missed them.

  1. The vSphere 5.5 Hardening Guide has been released!
  2. vSphere Web Client Roles and Permissions How-To Video
  3. Virtual Appliances getting more secure with vSphere 5.5 – Part 1
  4. Virtual Appliances getting more secure with vSphere 5.5 – Part 2
  5. Virtual Appliances getting more secure with vSphere 5.5 – Part 3
  6. Virtual Appliances getting more secure with vSphere 5.5 – Part 4
  7. ESXi, syslog and logins
  8. “It’s a Unix system, I know this!”
  9. Grant shell access to this user? No worries mate!
  10. Skating your way to the SDDC

Thanks for all your interest in making vSphere an even better and more secure platform. I encourage you to get involved and reach out to me with your input, thoughts and concerns. Security is not a destination, it’s a journey, so we can always be working to make things better!