Security News > 2022 > January > Partially Unpatched VMware Bug Opens Door to Hypervisor Takeover

A security vulnerability in VMware's Cloud Foundation, ESXi, Fusion and Workstation platforms could pave the way for hypervisor takeover in virtual environments - and a patch is still pending for some users.

ESXi is a bare-metal hypervisor that installs on a server and partitions it into multiple virtual machines.

Fusion is a software hypervisor that allows Intel-based Macs to run VMs with guest operating systems - such as Microsoft Windows, Linux, NetWare, Solaris or macOS. Workstation enables users to set up VMs on a single physical machine.

Affected product versions are: ESXi 6.5, 6.7 and 7; Fusion 12.x; Workstation 16.x; and all versions of VMware Cloud Foundation.

ESXi users are especially at risk: While the solution makes it easy for multiple VMs to share the same hard-drive storage, it also sets systems up to be one-stop shopping spots for attacks, researchers say, since attackers can target the centralized virtual hard drives used to store data from across VMs. "ESXi servers represent an attractive target for ransomware threat actors because they can attack multiple VMs at once, where each of the VMs could be running business-critical applications or services," Andrew Brandt, principal researcher at Sophos, recently explained.

Of course, all of that is bad news for ESXi v.7 users, who don't yet have a patch for this latest bug.

News URL

https://threatpost.com/unpatched-vmware-bug-hypervisor-takeover/177428/