Loading Posts...

Update VMware Workstation/Fusion To Address Integer Overflow Issue VMSA-2018-0030

Recently, VMware has disclosed the status of the integer overflow vulnerabilities in the virtual network devices. It was discovered by Tianwen Tang of Qihoo 360’s Vulcan Team at “The Tianfu Cup PWN Competition”

The white hat hackers earned huge amount of dollars for the zero-day exploits at this competition which took place on 16th and 17th of November in Chengdu, China. Tianwen has received $100,000 for exploiting this integer overflow issue. 

The Virtualization giant VMware has released the Patches to this Vulnerability and it is time to upgrade your VMware workstation and Fusion versions to mitigate the vulnerability. This vulnerability may allow the guest Operating System to execute a malicious code on the host and host can be malfunctioned with these. 

What Are The Affected Versions

Mainly, most of the VMware Workstation 15.x and 14.x and VMware Fusion 10.x and 11.x affected with this and these should be replaced with below versions.  

Product Version Running Operating System New Version Or The Patch
VMware Workstation 15.x Any Operating System 15.0.2
VMware Workstation 14.x Any Operating System 14.1.5
VMware Fusion 11.x OS X 11.0.2
VMware Fusion 10.x OS X 10.1.5

How To Update VMware Workstation

VMware workstation can be upgraded directly to this version (14.1.5) from the updates section. Before you upgrade just check the available version of your VMware workstation. 

Goto Help -> About VMware Workstation in the menu

Check the Running version of the VMware Workstation, if you have the version 14.1.5, you have the latest version at the time of writing this article and you don’t have to worry about that, but in my case I have the update.

To update the version, go to Help -> Software Updates 

Once you get the Software Updates window click on “Check for Updates” button

It will check the updates with the Updates Server

Since, it has the next numbered version for Workstation Pro it will prompt to download Workstation 15. If you are willing to download Workstation, click on “Get More Information” otherwise click cancel to continue the upgrade.

Click on “Download and Install” to start the upgrade

It will start downloading the after that 

It will start the upgrade 

So the next step is nothing special and it’s a generic installation and you need to close the Workstation, (not the installer) in order to start the upgrade.

All done, now you are protected with the Integer Overflow issue (VMSA-2018-0030).

Article Short Link: https://tcrum.net/VMSA-2018-0030

If you found this post as useful please rate the post and share it!

Aruna Lakmal

Associate Technical Specialist at Pearson, Sri Lanka. Technology junky, enthusiast, a VMware vExpert and a blogger with more than 7 years of Experience in Information Technology more focusing on VMware Virtualization, Microsoft and Datacenter Technologies.

Get Updates Directly To Your Inbox!

   

Leave a Reply

Loading Posts...