Recently, VMware has disclosed the status of the integer overflow vulnerabilities in the virtual network devices. It was discovered by Tianwen Tang of Qihoo 360’s Vulcan Team at “The Tianfu Cup PWN Competition”
The white hat hackers earned huge amount of dollars for the zero-day exploits at this competition which took place on 16th and 17th of November in Chengdu, China. Tianwen has received $100,000 for exploiting this integer overflow issue.
The Virtualization giant VMware has released the Patches to this Vulnerability and it is time to upgrade your VMware workstation and Fusion versions to mitigate the vulnerability. This vulnerability may allow the guest Operating System to execute a malicious code on the host and host can be malfunctioned with these.
What Are The Affected Versions
Mainly, most of the VMware Workstation 15.x and 14.x and VMware Fusion 10.x and 11.x affected with this and these should be replaced with below versions.
| Product Version | Running Operating System | New Version Or The Patch |
| VMware Workstation 15.x | Any Operating System | 15.0.2 |
| VMware Workstation 14.x | Any Operating System | 14.1.5 |
| VMware Fusion 11.x | OS X | 11.0.2 |
| VMware Fusion 10.x | OS X | 10.1.5 |
VMware Workstation and Fusion Downloads:
How To Update VMware Workstation
VMware workstation can be upgraded directly to this version (14.1.5) from the updates section. Before you upgrade just check the available version of your VMware workstation.
Goto Help -> About VMware Workstation in the menu
Check the Running version of the VMware Workstation, if you have the version 14.1.5, you have the latest version at the time of writing this article and you don’t have to worry about that, but in my case I have the update.
To update the version, go to Help -> Software Updates
Once you get the Software Updates window click on “Check for Updates” button
It will check the updates with the Updates Server
Since, it has the next numbered version for Workstation Pro it will prompt to download Workstation 15. If you are willing to download Workstation, click on “Get More Information” otherwise click cancel to continue the upgrade.
Click on “Download and Install” to start the upgrade
It will start downloading the after that
It will start the upgrade
So the next step is nothing special and it’s a generic installation and you need to close the Workstation, (not the installer) in order to start the upgrade.
All done, now you are protected with the Integer Overflow issue (VMSA-2018-0030).
References:
Article Short Link: https://tcrum.net/VMSA-2018-0030
If you found this post as useful please rate the post and share it!
