The Register® — Biting the hand that feeds IT

Feeds

'Let anyone be administrator' bug in VMware snapped shut

Party's over, back to be being a normal Windows user for you

By John Leyden, 11th February 2013
10

Supercharge your infrastructure

VMware has published a security update for its virtualisation software including its ESX, Workstation, Fusion and View products.

A range of applications made by the EMC-owned vendor should therefore be patched to squash a privilege-escalation vulnerability in the VMCI.SYS driver. The flaw affects host machines running Microsoft Windows and guests running the Redmond operating system.

A malicious local user can, thanks to the bug, manipulate and exploit memory allocations using the Virtual Machine Communication Interface (VMCI). As a consequence an attacker can carry out actions that would normally be restricted to a system administrator, such as configuring the host environment or manipulating guest systems on the machine.

But it does not appear to be a hypervisor escape bug: that is, it may not be possible to exploit the hole to leap from a guest into the host environment and thus attack the server running the virtual machines. VMware's VMCI driver is present in the host and guest Windows operating systems and, presumably, this latest vulnerability allows a user local to the guest or host to ramp up their access rights within their respective guest or host environment.

VMware's security advisory has more on the issue in some depth here. The virtualisation firm credits Derek Soeder of Cylance and Kostya Kortchinsky of Microsoft for independently reporting the security bug. ®

5 ways to prepare your advertising infrastructure for disaster

10 Reader Comments

Whitepapers

5 ways to prepare your advertising infrastructure for disaster
Being prepared allows your brand to greatly improve your advertising infrastructure performance and reliability that, in the end, will boost confidence in your brand.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Email delivery: Hate phishing emails? You'll love DMARC
DMARC has been created as a standard to help properly authenticate your sends and monitor and report phishers that are trying to send from your name..
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Email delivery: 4 steps to get more email to the inbox
This whitepaper lists some steps and information that will give you the best opportunity to achieve an amazing sender reputation.
Search more Resources

More from The Register

next story
Chaos Computer Club: iPhone 5S finger-sniffer COMPROMISED
Anyone can touch your phone and make it give up its all
147
Hardbitten NYC cops: Sir, I'm gonna need you to, er, upgrade to iOS 7
Yes, really
84
Hundreds of hackers sought for new £500m UK cyber-bomber strike force
Britain must rm -rf its enemies or be rm -rf'ed, declares defence secretary
49
NSA in new SHOCK 'can see public data' SCANDAL!
What you say on Twitter doesn't stay on Twitter
82
UK's Get Safe Online? 'No one cares' - run the blockbuster ads instead
Something like Jack Bauer's 24 ... whatever it'll take to teach kids how to bat away hackers
42
Sweet murmuring Siri opens stalker vulnerability hole in iOS 7
'Siri, hand over my contacts and history now…'
25
Facebook allows full personal data ransack with Graph Search
Posts, updates, the lot. Our ad sales will boom. Mwu-ha-haaaa ... bitch
25
Yahoo! Pays! Paltry! $12.50! Bug! Bounty! For! Nasty! Email! Vuln!
And even that had to be spent on Yahoo! tat
17
London schoolboy cuffed for BIGGEST DDOS ATTACK IN HISTORY
Bet his parents wish he'd been playing computer games
36
GCHQ's CESG CCP 4 UK GOV IT BFFs? LOL RTFA INFOSEC VIPs ASAP
Yet another security certificate fiddled with by Brit spooks
18
prev story