1.0 Introduction
VMware has released a security update to address the vulnerability in VMWare Tools. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. The vulnerability was tracked as CVE-2022-31676 and rated 7.0 out of 10 on the CVSS vulnerability scoring system.
2.0 Impact
The exploitation of this vulnerability may allow an attacker to take control of an affected system.
3.0 Affected Products
Updates are available include:
• VMware Tools version 12.x.y, 11.x.y (Windows)
• VMware Tools version 12.x.y, 11.x.y, 10.x.y (Linux)
4.0 Recommendations
Users and administrators should review the URLs below and perform the necessary update. Kindly refer to the below URL:
https://www.vmware.com/security/advisories/VMSA-2022-0024.html
Generally, MyCERT advises the users of this software to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, don't hesitate to get in touch with MyCERT through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 09:00 -18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my
5.0 References
1) https://www.cisa.gov/uscert/ncas/current-activity/2022/08/23/vmware-releases-security-update
2) https://www.vmware.com/security/advisories/VMSA-2022-0024.html