Home > Blogs > VMware Security & Compliance Blog > Monthly Archives: December 2013

Monthly Archives: December 2013

New VMware Security Advisory VMSA-2013-0016

Today VMware has released the following new security advisory:

VMSA-2013-0016

The advisory documents CVE-2013-5973 “VMware ESXi and ESX unauthorized file access through vCenter Server and ESX”. This issue may allow certain unprivileged users on vCenter Server access to arbitrary files on ESXi/ESX and may allow local unprivileged users on ESX (i.e. ESX 4.0 and ESX 4.1) access to arbitrary files. Modification of files on ESXi or ESX may allow for code execution after a host reboot.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisory and direct any questions to VMware Support.

New VMware Security Advisory VMSA-2013-0015 and updated advisory

Today VMware has released the following new and updated security advisory:

New
VMSA-2013-0015

Updated
VMSA-2013-0007.1

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisories and direct any questions to VMware Support.

New VMware Security Advisory VMSA-2013-0014

Today VMware has released the following new advisory:

VMSA-2013-0014

The advisory documents CVE-2013-3519 “VMware LGTOSYNC.SYS privilege escalation” which affects older Windows-based Guest Operating Systems. On ESXi and ESX, virtual machines running 32-bit versions of Windows 2000 Server, Windows XP or Windows 2003 Server are affected. On Workstation and Fusion, virtual machines running the 32-bit version of Windows XP are affected.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisory and direct any questions to VMware Support.