Today VMware has released the following new security advisory:
The advisory documents CVE-2014-8373, a critical remote privilege escalation vulnerability in vCloud Automation Center (vCAC). It is important to note that the provided patches will temporarily disable the vCAC “Connect (by) Using VMRC” functionality for directly connecting to vCenter Server.
Customers should review the security advisory and direct any questions to VMware Support.
Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.