1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

VMware patches virtual machine escape issue on Windows

Discussion in 'Network World' started by RSS, Jun 10, 2015.

  1. RSS

    RSS New Member Member

    VMware has released security updates for several of its virtualization products in order to address critical vulnerabilities that could allow attackers to break out of virtual machines and execute rogue code on the host operating systems.

    The code execution flaws affect the Windows versions of VMware Workstation, VMware Player and VMware Horizon Client. They were discovered by Kostya Kortchinsky of the Google Security Team and stem from a printer virtualization feature that allows a virtual machine’s guest OS to access the printer attached to the host computer.

    “On VMware Workstation 11.1, the virtual printer device is added by default to new VMs, and on recent Windows Hosts, the Microsoft XPS Document Writer is available as a default printer,” Kortchinsky explained in an advisory. “Even if the VMware Tools are not installed in the Guest, the COM1 port can be used to talk to the Host printing Proxy.”

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page