VMware patches critical virtual machine escape flaws
Security

VMware patches critical virtual machine escape flaws

VMware has released critical security patches for vulnerabilities demonstrated during the recent Pwn2Own hacking contest that could be exploited to escape from the isolation of virtual machines.

The patches fix four vulnerabilities that affect VMware ESXi, VMware Workstation Pro and Player and VMware Fusion.

Two of the vulnerabilities, tracked as CVE-2017-4902 and CVE-2017-4903 in the Common Vulnerabilities and Exposures database, were exploited by a team from Chinese internet security firm Qihoo 360 as part of an attack demonstrated two weeks ago at Pwn2Own.

The team's exploit chain started with a compromise of Microsoft Edge, moved to the Windows kernel, and then exploited the two flaws to escape from a virtual machine and execute code on the host operating system. The researchers were awarded $105,000 for their feat.

Pwn2Own is an annual hacking contest organized by Trend Micro's Zero Day Initiative (ZDI) program that runs during the CanSecWest conference in Vancouver, Canada. Researchers receive cash prizes for demonstrating zero-day -- previously unknown -- exploits against browsers, operating systems and other popular enterprise software programs.

This year, the contest organizers added prizes for exploits in hypervisors like VMware Workstation and Microsoft Hyper-V and two teams stepped up to the challenge.

The second team, made up of researchers from the Keen Lab and PC Manager divisions of internet services provider Tencent, exploited the two other flaws patched by VMware this week: CVE-2017-4904 and CVE-2017-4905. The latter is a memory information leak vulnerability that is rated only as moderate, but which could help hackers pull off a more serious attack.

Users are advised to update VMware Workstation to version 12.5.5 on all platforms and VMware Fusion to version 8.5.6 on macOS (OS X). Individual patches are also available for ESXi 6.5, 6.0 U3, 6.0 U2, 6.0 U1 and 5.5, where applicable.

Virtual machines are often used to create throw-away environments that pose no threat to the main operating system in case of compromise. For example, malware researchers execute malicious code and visit suspicious URLs inside virtual machines to observe their behavior. Companies also run many applications inside virtual machines to limit the potential impact if they're compromised.

One of the main goals of hypervisors like VMware Workstation is to create a barrier between the guest operating system that runs inside the virtual machine and the host OS where the hypervisor runs. That's why VM escape exploits are highly prized among hackers.

IDG Insider

PREVIOUS ARTICLE

«Here's proof that Ryzen can benefit from optimized game code

NEXT ARTICLE

Before suing Uber, Waymo initiated action against former engineer»
author_image
IDG Connect

IDG Connect tackles the tech stories that matter to you

Add Your Comment

Most Recent Comments

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.

images

Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.

images

Poll

Should companies have Bitcoins on hand in preparation for a Ransomware attack?