Greetings from the VMware Security Response Center!
Today we released VMSA-2018-0004.3 which documents Hypervisor-Assisted Guest Mitigations for CVE-2017-5715 (Spectre-2).
We thought it would be a good idea to quickly link all of the documentation which has undergone a major change. For newcomers, please familiarize yourself by reading through KB52245 first to get a strong understanding of the various categories of mitigations that VMware has provided.
Updated Advisory: VMSA-2018-0004.3
Top-level KB: 52245
Patching/Upgrade Guide: 52085
Performance Info: 52337
Intel microcode sightings: 52345
Customers should review the available documentation and direct questions to VMware Support.
Today, VMware has released the following new security advisory:
“VMSA-2018-0008 – Workstation and Fusion updates address a denial-of-service vulnerability
This documents the remediation of an Important severity denial-of-service vulnerability (CVE-2018-6957) affecting VMware Workstation and Fusion. This issue can be triggered by opening a large number of VNC sessions. In order for exploitation to be possible, VNC must be manually enabled on Workstation and Fusion.
VMware Workstation 14.1.1 and Fusion 10.1.1 fix this issue. Workaround KB52934 is available for VMware Workstation 12.x and Fusion 8.x.
We would like to thank Lilith Wyatt of Cisco Talos for reporting this issue to us.
Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.
Customers should review the security advisories and direct any questions to VMware Support.