Advisory

VMware releases patch for Workstation, Fusion and ESXi critical issues

Take action: If you are using VMware Workstation or Fusion, this patch is urgent. For ESXi it is important, since there is a VM guest escape scenario, but not so urgent that it must be patched today.


Learn More

VMware released patches for critical vulnerabilities in its ESXi, Workstation, Fusion, and Cloud Foundation products.

Two of these vulnerabilities, CVE-2024-22252 and CVE-2024-22253, both with a CVSS score of 9.3, are particularly concerning because they enable a malicious actor with local admin privileges on a virtual machine to execute code as the virtual machine's VMX process on the host. This level of access could lead to significant breaches or compromises within affected systems.

Impacted systems are:

  • VMware ESXi 8.0

  • VMware ESXi 7.0

  • VMware Workstation 17.x

  • VMware Fusion 13.x (macOS)

  • VMware Cloud Foundation (ESXi) 5.x/4.x

To mitigate these threats, VMware has released patches even for some end-of-life products, underlining the critical nature of these vulnerabilities and the potential risk they pose. Customers are urged to apply these updates as soon as possible.
