Security Hero Rotating Header Image

VMWare Patches Released, (Fri, May 29th)

VMWare Patches Released, (Fri, May 29th)

Patches were released yesterday to fix a DoS vulnerability and potential arbitrary code execution. Here are the two vulnerabilities:
1. VMWare Descheduled Time Accounting driver:
The issue affects the VMWare Descheduled Time Accounting driver and can cause a denial of service in Windows based virtual machines on the vulnerable versions. This driver is an optional (non-

default) part of the VMware Tools installation. However, if the following conditions are met and their tools are not upgraded, virtual machines that are migrated from vulnerable releases are still vulnerable if the following three conditions exist:
– The virtual machine is running a Windows operating system.

– The VMware Descheduled Time Accounting driver is installed

in the virtual machine.

– The VMware Descheduled Time Accounting Service is not running

in the virtual machine

2. libpng package for the ESX 2.5.5 Service Console
The libpng package is used for creating and manipulating PNG (Portable Network Graphics) image format files. A crafted PNG file loaded by an application and linked against libpng could cause the application to crash or to allow arbitrary code execution that would run with the priveleges of the user that is using the application.
Another flaw addresses PNG images that contain unknown chunks. If an application linked against libpng

attempted to process a malformed, unknown chunk in a malicious PNG image, it could cause the application to crash.


Leave a Reply

Your email address will not be published. Required fields are marked *