VMware Workstation, Player, Fusion, and ESXi patches address a vulnerability in VMware Tools which could result in a privilege escalation on Microsoft Windows 8.1.
Apply the missing patch(es).
a. Guest privilege escalation in VMware Tools A kernel NULL dereference vulnerability was found in VMware Tools running on Microsoft Windows 8.1. Successful exploitation of this issue could lead to an escalation of privilege in the guest operating system. The vulnerability does not allow for privilege escalation from the Guest Operating System to the host. This means that host memory can not be manipulated from the Guest Operating System.
ESXi 5.5 without patch ESXi550-201403102-SG ESXi 5.1 without patch ESXi510-201404102-SG ESXi 5.0 without patch ESXi500-201405102-SG
Checks for missing patches.
Updated on 2015-03-25
- VMSA-2013-0009 VMware ESX and ESXi updates to third party libraries
- VMSA-2014-0004 VMware product updates address OpenSSL security vulnerabilities
- VMSA-2013-0004 VMware ESXi security update for third party library
- VMSA-2014-0002 VMware vSphere updates to third party libraries
- VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX