VMware Patches Virtual Machine Holes

Friday, March 31, 2017 @ 03:03 PM gHale

VMware released critical patches for vulnerabilities demonstrated during the Pwn2Own hacking contest.

The patches fix four vulnerabilities affecting VMware ESXi, VMware Workstation Pro and Player and VMware Fusion, VMware said in an advisory.

Two of the vulnerabilities, tracked as CVE-2017-4902 and CVE-2017-4903 in the Common Vulnerabilities and Exposures database, were leveraged by a team from Chinese Internet security firm Qihoo 360 as part of an attack demonstrated two weeks ago at Pwn2Own.

The team’s exploit chain started with a compromise of Microsoft Edge, moved to the Windows kernel, and then exploited the two flaws to escape from a virtual machine and execute code on the host operating system. The researchers earned $105,000 for their feat.

Pwn2Own is an annual hacking contest organized by Trend Micro’s Zero Day Initiative (ZDI) program that runs during the CanSecWest conference in Vancouver, British Columbia. Researchers receive cash prizes for demonstrating zero-day exploits against browsers, operating systems and other popular enterprise software programs.

This year, the contest organizers added prizes for exploits in hypervisors like VMware Workstation and Microsoft Hyper-V.

One team, consisting of researchers from the Keen Lab and PC Manager divisions of Internet services provider Tencent, exploited two other flaws patched by VMware this week: CVE-2017-4904 and CVE-2017-4905. The latter is a memory information leak vulnerability rated only as moderate, but it could help hackers pull off a more serious attack.

Users should update VMware Workstation to version 12.5.5 on all platforms and VMware Fusion to version 8.5.6 on macOS (OS X). Individual patches are also available for ESXi 6.5, 6.0 U3, 6.0 U2, 6.0 U1 and 5.5, where applicable.

Virtual machines are often used to create throw-away environments that pose no threat to the main operating system in case of compromise. For example, malware researchers execute malicious code and visit suspicious URLs inside virtual machines to observe their behavior. Companies also run many applications inside virtual machines to limit the potential impact if they’re compromised.

One of the main goals of hypervisors like VMware Workstation is to create a barrier between the guest operating system that runs inside the virtual machine and the host OS where the hypervisor runs. That’s why VM escape exploits are highly prized among hackers.
