
Monthly Archives: December 2014

New VMware Security Advisory VMSA-2014-0014

Today VMware has released the following new security advisory:

VMSA-2014-0014

The advisory documents CVE-2014-8372, an information disclosure vulnerability in AirWatch by VMware. AirWatch Cloud has been patched to resolve this issue; On-Premise deployments must be updated.

Customers should review the security advisory and direct any questions to VMware Support.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

New VMware Security Advisory VMSA-2014-0013

Today VMware has released the following new security advisory:

VMSA-2014-0013

The advisory documents CVE-2014-8373, a critical remote privilege escalation vulnerability in vCloud Automation Center (vCAC). It is important to note that the provided patches will temporarily disable the vCAC “Connect (by) Using VMRC” functionality for directly connecting to vCenter Server.

Customers should review the security advisory and direct any questions to VMware Support.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Changes to Transparent Page Sharing reminder and new and updated VMware Security Advisories

As previously noted (Oct 16 and Nov 24), VMware has introduced new TPS (Transparent Page Sharing) management options that give administrators more granular control over which virtual machines have the potential to share duplicate pages of memory with each other. The previous ESXi patch releases incorporated the additional functionality but did not change the default behavior. Today's update of ESXi 5.1 is the first release that restricts TPS to individual VMs and disables inter-VM TPS by default unless an administrator chooses to re-enable it. Please see KB 2097593 for full details on the functionality.

Additionally, VMware has today released the following new and updated advisories:

New
VMSA-2014-0012

Updated
VMSA-2014-0002.4
VMSA-2014-0008.2

The new advisory details fixes for a cross-site scripting issue (CVE-2014-3797) and a certificate validation issue (CVE-2014-8371), as well as updates to third-party libraries in VMware vSphere.

Customers should review the security advisory and direct any questions to VMware Support.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.