VMware Patches VM Escape Flaw Exploited at Geekpwn Event By Orbit Brain December 14, 2022 0 302 views House › CyberwarfareVMware Patches VM Escape Flaw Exploited at Geekpwn OccasionBy Ryan Naraine on December 13, 2022TweetVirtualization know-how large VMware on Tuesday shipped pressing updates to repair a trio of safety issues in a number of software program merchandise, together with a digital machine escape bug exploited on the GeekPwn 2022 hacking problem.The VM escape flaw, documented as CVE-2022-31705, was exploited by Ant Safety researcher Yuhao Jiang on programs working absolutely patched VMware Fusion, ESXi and Workstation merchandise. The exploit took the highest prize at Geekpwn, a hacking contest run by China-based Tencent Eager Safety Lab.In a safety bulletin issued Tuesday, VMWare slapped a CVSS severity ranking of 9.3/10 and warned {that a} malicious actor with native administrative privileges on a digital machine could exploit this difficulty to execute code because the digital machine’s VMX course of working on the host“On ESXi, the exploitation is contained inside the VMX sandbox whereas, on Workstation and Fusion, this will likely result in code execution on the machine the place Workstation or Fusion is put in,” VMware added.[ Read: VMware Confirms Workspace One Exploits in the Wild ]VMware documented the bug as a heap out-of-bounds write vulnerability within the USB 2.zero controller (EHCI).The corporate additionally launched fixes cowl a pair of command injection and listing traversal bugs affecting the VMware vRealize Community Perception (vRNI) product.“[The] vRealize Community Perception (vRNI) accommodates a command injection vulnerability current within the vRNI REST API. VMware has evaluated the severity of this difficulty to be within the important severity vary with a most CVSSv3 base rating of 9.8,” the corporate mentioned in a critical-severity advisory.“A malicious actor with community entry to the vRNI REST API can execute instructions with out authentication,” VMware added.Associated: NSA Outs Chinese language Hackers Exploiting Citrix Zero-DayAssociated: Exploit Code Revealed for Essential VMware Safety FlawAssociated: Fortinet Ships Emergency Patch for Already-Exploited VPN FlawGet the Day by day Briefing Most LatestMost LearnPatch Tuesday: Microsoft Plugs Home windows Gap Exploited in Ransomware AssaultsAdobe Patches 38 Flaws in Enterprise Software program MerchandiseVMware Patches VM Escape Flaw Exploited at Geekpwn OccasionMapping Risk Intelligence to the NIST Compliance FrameworkNSA Outs Chinese language Hackers Exploiting Citrix Zero-DaySnyk Raises $196.5 Million at $7.four Billion ValuationPasskeys Now Totally Supported in Google ChromeRansomware Group Threatens to Publish Knowledge Stolen From California Division of FinanceNew Python-Based mostly Backdoor Focusing on VMware ESXi ServersTwitter Responds to Latest Knowledge Leak ReviewsIn search of Malware in All of the Unsuitable Locations?First Step For The Web’s subsequent 25 years: Including Safety to the DNSTattle Story: What Your Pc Says About YouBe in a Place to Act By Cyber Situational ConsciousnessReport Exhibits Closely Regulated Industries Letting Social Networking Apps Run Rampant2010, A Nice 12 months To Be a Scammer.Do not Let DNS be Your Single Level of FailureHow one can Establish Malware in a BlinkDefining and Debating Cyber WarfareThe 5 A’s that Make Cybercrime so EnticingHow one can Defend Towards DDoS AssaultsSafety Budgets Not in Line with ThreatsAnycast – Three Causes Why Your DNS Community Ought to Use ItThe Evolution of the Prolonged Enterprise: Safety Methods for Ahead Pondering OrganizationsUtilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous EnterpriseShare this:FacebookXPrintEmailLinkedInRedditTwitterTumblrPinterestTelegramWhatsApp code execution CVE-2021-22005 CVE-2022-31705 cvss ESXi geekpwn high-risk keen team patches Tencent updates vcenter server virtualization vmware vmx sandbox vulnerability Orbit Brainhttps://orbitbrain.com/ Orbit Brain is the senior science writer and technology expert. Our aim provides the best information about technology and web development designing SEO graphics designing video animation tutorials and how to use software easy waysand much more. Like Best Service Latest Technology, Information Technology, Personal Tech Blogs, Technology Blog Topics, Technology Blogs For Students, Futurism Blog.
NATO’s Team in Albania to Help on Iran-Alleged CyberattackIntroducing the Cyber Security News NATO’s Team in Albania to Help on Iran-Alleged Cyberattack.... September 22, 2022 Cyber Security News
FoxIt Patches Code Execution Flaws in PDF ToolsIntroducing the Cyber Security News FoxIt Patches Code Execution Flaws in PDF Tools.... December 19, 2022 Cyber Security News
Netwrix Auditor Vulnerability Can Facilitate Attacks on EnterprisesIntroducing the Cyber Security News Netwrix Auditor Vulnerability Can Facilitate Attacks on Enterprises.... July 20, 2022 Cyber Security News
ÆPIC Leak: Architectural Bug in Intel CPUs Exposes Protected DataIntroducing the Cyber Security News ÆPIC Leak: Architectural Bug in Intel CPUs Exposes Protected Data.... August 10, 2022 Cyber Security News
CircleCI Hacked via Malware on Employee LaptopIntroducing the Cyber Security News CircleCI Hacked via Malware on Employee Laptop.... January 16, 2023 Cyber Security News
Organizations Warned of Critical Confluence Flaw as Exploitation ContinuesIntroducing the Cyber Security News Organizations Warned of Critical Confluence Flaw as Exploitation Continues.... August 1, 2022 Cyber Security News
Pantera Capital Plans $250M Solana (SOL) Buy, Analyst Predicts Record Rally Toward $1000March 8, 2024 74
