Security News

VMware has released security updates to fix critical and high severity vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation, allowing for code execution and privilege escalation. One of the security bugs, with a critical severity rating and tracked as CVE-2020-4004, allows attackers with local administrative privileges on a virtual machine to abuse a use-after-free vulnerability in the XHCI USB controller of VMware ESXi, Workstation, and Fusion.

VMware on Thursday announced releasing patches for a couple of serious ESXi vulnerabilities that were demonstrated at a recent hacking contest in China. The 360 ESG Vulnerability Research Institute from Chinese cybersecurity company Qihoo 360 earned more than $740,000 of the total, including $180,000 for a VMware ESXi guest to host escape exploit.

VMware has patched critical vulnerabilities affecting its ESXi enterprise-class hypervisor and has released a security update for its SD-WAN Orchestrator, plugging a handful of serious security holes. Vulnerabilities in ESXi hypervisor exploited during a hacking competition.

VMware has revealed and repaired the flaws in its hypervisor discovered at China's Tianfu Cup white hat hacking competition. The bug needs patching in ESXi from version 6.5, VMware's Fusion and Workstation desktop hypervisors from versions 11 and 15 respectively, plus VMware Cloud Foundation from version 3.

VMware on Wednesday patched a total of six vulnerabilities in its SD-WAN Orchestrator product, including flaws that can be chained by an attacker to steer traffic or shut down an enterprise network. Three of the vulnerabilities were reported to VMware by Israel-based cybersecurity consulting firm Realmode Labs.

VMware unveiled the Modern Network framework to enable businesses, and their IT and application development teams, to accelerate adapting to a new normal. The Modern Network framework takes a top-down view, creating a network that understands the needs of the application and programmatically managing infrastructure to meet those needs.

VMware issued an updated fix for a critical-severity remote code execution flaw in its ESXi hypervisor products. "Updated patch versions in the response matrix of section 3a after release of ESXi patches that completed the incomplete fix for CVE-2020-3992 on 2020-11-04," said Oracle's updated advisory.

VMware on Wednesday informed customers that it has released new patches for ESXi after learning that a fix made available last month for a critical vulnerability was incomplete. VMware said the attacker needs to be on the management network and have access to port 427 on an ESXi machine in order to exploit the flaw.

VMware announced it has collaborated with Samsung to further extend its leadership in 5G. Through this alliance, the companies seek to help Communication Service Providers meet the requirements of 5G networks and accelerate the roll-out of 5G by optimizing Samsung's portfolio of telco offerings from Core to Edge to RAN for both containerized network functions and virtualized network functions with VMware Telco Cloud Platform. With VMware Telco Cloud Platform, CSPs can deploy a cloud native, software-defined 5G network that will accelerate the delivery of services and applications across distributed telco clouds with operational consistency, integrated lifecycle management and multi-layer automation while maintaining carrier-grade performance, scalability and reliability.

VMware this week informed customers that it has patched several vulnerabilities in its ESXi, Workstation, Fusion and NSX-T products, including a critical flaw that allows arbitrary code execution. VMware pointed out that the attacker needs to be on the management network and have access to port 427 on an ESXi machine in order to exploit the vulnerability.