VMware Workstation 12.5.5 released, fixes Pwn2Own exploits

VMware

VMware Workstation 12.5

VMware has just released Workstation 12.5.5 which includes bug fixes as well as fixes for several vulnerabilities found in this years Pwn2Own contest, which two hacking teams, 360 Security (@mj011sec) and Team Sniper was able to successfully complete a virtual machine escape.

While these are serious exploits, VMware has said they are not aware of any active exploitation of the vulnerabilities that has now been fixed in 12.5.5.

Issues Resolved in VMware Workstation 12.5.5

  • VMware Workstation Pro has a heap buffer overflow and uninitialized stack memory usage in SVGA. These issues might allow a guest virtual machine to execute code on the host.
  • Heap overflow leading to arbitrary code execution. Critical issue. CVE-2017-4902
  • Uninitialized stack value leading to arbitrary code execution. Critical issue. CVE-2017-4903
  • Uninitialized stack value leading to arbitrary code execution. Critical issue. CVE-2017-4904
  • Uninitialized memory read leading to information disclosure. Moderate issue. CVE-2017-4905
  • Installing VMware Tools on a 64-bit Windows virtual machine might result in an error. After you install VMware Tools on a 64-bit Windows virtual machine, when the virtual machine boots up, the system might display the following error: VMware Tools unrecoverable error: (vthread-4) Exception 0xc0000005 (access violation) has occurred. VMware Workstation 12.5.5 fixes this issue.

The good news is not only did VMware fix these exploits quickly but also shows these types of exploits are not something most script kiddies are typically going to find but instead require someone or teams of someones who are highly skilled and motivated – in the case of Pwn2Own the two teams mentioned above won a combined amount of over $200,000.00 USD to expose these exploits!

View the full Workstation 12.5.5 release notes here.

Similar Posts

  • My VMware View Windows 7 Optimization Guide

    VMware
    10 Comments

    These are the few steps I do when creating a new "Golden" image. Luckily I don’t have to do these steps all the time as I’ll create the "Golden" image when there is a new upgrade such as when we went from View 4.6 to View 5.0.1. I like to have a new fresh machine using new virtual hardware from the start. You could certainly just upgrade the virtual hardware on the "Golden" image, I just prefer to start clean.

    At any rate, here’s my list. Hopefully someone might find it somewhat useful and maybe even others can improve upon it.

    Preparing a new virtual machine

    1. Create New Virtual Machine – FILE > NEW > VIRTUAL MACHINE (CTRL+N)
    2. Under Configuration select CUSTOM.
    3. Select a Name, Folder, Host, Cluster, and Storage.
    4. Under Guest Operating System select Windows and then Windows 7 32bit under the Version drop down.
    5. Select which Network (VLAN) and under Adapter select VMXNET 3.
    6. Configure disk size to 30GB THIN provisioned.

    Read More “My VMware View Windows 7 Optimization Guide”

  • vSphere 5.1 Release Date leaked, maybe?

    VMware
    0 Comments

    Looks like Sammy Bogaert over at Boerlowie’s Blog has possibly found the release date of vSphere 5.1… maybe?

    I was about to download vSphere Update Manager PowerCLI 5.0.

    I followed the main site and wanted to check the documentation first. So I clicked the Documentation button.

    vmware update manager

    This lead me to the Docs of Update Manager PowerCLI 5.1! That’s right, 5.1! With a release date of 10 September 2012.

    vsphere5.1 release date

    None of the links for 5.1 work, so no news on any new features…

    Guess somebody at VMware was a bit too fast to update the website

    Nice find Sammy, guess time will tell if the Sept. 10th date is the actual release date or not.

  • VMware Certified Professional 6 (VCP6-DCV) now available

    VMware
    0 Comments

    VMware VCP DCV

    VMware has just recently announced that the VMware Certified Professional 6 (VCP6-DCV) is now available. The new VCP6 exam is similar to the others in the past whereas the VCP6 aims to validate your ability to deploy, configure, administer and scale a vSphere virtualized data center, including administering and troubleshooting virtualization technologies such as:

    • vSphere HA and DRS Clusters
    • Storage virtualization using VMFS
    • Storage DRS and Storage I/O Control
    • Network virtualization using vSphere standard and distributed switches and Network I/O Control
    • vSphere management using vCenter Server and vRealize Operations Manager Standard
    • Virtual Machines

    Read More “VMware Certified Professional 6 (VCP6-DCV) now available”

  • How to install VMware Workstation 10 on Linux Mint 17.1

    VMware
    0 Comments

    vmware workstation 10 linux mint

    Two goals that I would like to achieve this year is to learn how to program (likely Python) as well as learn more about Linux. So last week I completely wiped my HP laptop that used to run Windows 7 Pro and installed Linux Mint 17.1. However, I had a nested ESXi lab within VMware Workstation when I was running Windows and wanted to do the same on my new Linux install.

    I found this wasn’t just as simple as downloading an .exe and running the file, like it is in Windows. There are a few dependiences that are needed first, below is the steps I took to install VMware Workstation 10 on Linux Mint 17.1.

    Read More “How to install VMware Workstation 10 on Linux Mint 17.1”

  • VMware Site Recovery Manager 8.2 – No more Windows

    VMware
    2 Comments

    VMware has just announced the release of Site Recovery Manager 8.2. There are a number of new items in SRM 8.2, such as enhancements to the HTML5 user interface, support for vSphere 6.7 Update 2, but most notably is Site Recovery Manager 8.2 virtual appliance!

    No more Microsoft Windows license needed! The SRM 8.2 virtual appliance runs on the Photon OS distro, which is similar to what the vCenter virtual appliance has been running on for years now.

    Read More “VMware Site Recovery Manager 8.2 – No more Windows”

  • How to use Site Recovery Manager DR IP Customizer

    VMware
    1 Comment

    As one of the tasks given to me include protecting critical virtual machines via Site Recovery Manager (SRM) I ran into an environment that needed to be protected and have static IP’s assigned to them. The environment consists of about 15 VM’s, all of the VM’s each have 5 NIC’s with two of the VM’s having 9 NIC’s – that’s a lot of NIC’s to manually configure on both the Protected and Recovery side in SRM.

    Looking through the SRM Documentation I was able to see that VMware has graced us with a wonderful tool to greatly speed up this process, dr-ip-customizer.exe!

    How to use VMware DR-IP-Customizer

    Read More “How to use Site Recovery Manager DR IP Customizer”

Leave a Reply

Your email address will not be published. Required fields are marked *