Advisories

1.0 Introduction
VMware has released security updates to address multiple vulnerabilities affecting its Carbon Black App Control platform that could be abused by a malicious actor to execute arbitrary code on affected installations in Windows systems. The vulnerabilities tracked as CVE-2022-22951 and CVE-2022-22952, both the flaws are rated 9.1 out of a maximum of 10 on the CVSS vulnerability scoring system.

2.0 Impact
Exploitation of some of these vulnerabilities may allow an attacker to take control of an affected VMware Carbon Black App Control platform.

3.0 Affected Products
Updates are available include:
• VMware Carbon Black App Control (AppC)

4.0 Recommendations
Users and administrators are recommended to review the below URLs and perform the necessary update. Kindly refer to the below URL:

https://www.vmware.com/security/advisories/VMSA-2022-0008.html

Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

5.0    References

• https://www.cisa.gov/uscert/ncas/current-activity/2022/03/24/vmware-releases-security-updates
• https://www.vmware.com/security/advisories/VMSA-2022-0008.html
• https://thehackernews.com/2022/03/vmware-issues-patches-for-critical.html