ID: IRCNE2013122037
Date: 2013-12-09
According to "zdnet", VMware has issued an update for several of their hypervisor products to address a privilege escalation vulnerability when running Windows XP, Windows Server 2003 and older versions of Windows as a guest operating system.
The products are VMware Workstation, VMware Fusion and VMware ESXi and ESX. The vector for the attack is a VMware device driver LGTOSYNC.SYS. The file properties for this driver describe it as "VMware/Legato Sync Driver."
The hypervisor itself is not exploitable through this vulnerability, but an unprivileged Windows process could elevate privilege under Windows.
Updated versions may be downloaded at these pages:
- 3