Privilege escalation vulnerability in VMware Tools for Windows

Original Issue Date: March 04, 2022

Severity Rating: MEDIUM

Software Affected

VMware Tools for Windows (Versions prior to 12.0.0)

Overview

A privilege escalation vulnerability has been reported in VMware Tools for Windows which could allow an attacker with limited privileges to execute arbitrary code with system privileges.

Description

This vulnerability exists in VMware Tools for Windows due to an uncontrolled search path. A malicious actor with local administrative privileges in the Windows guest OS where VMware Tools is installed may be able to execute code with system privileges in the Windows guest OS.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code with system privileges.

Solution

Apply appropriate patches as mentioned in the VMware Bulletin:

https://customerconnect.vmware.com/en/downloads/details?downloadGroup=VMTOOLS1200&productId=1259&rPId=85322

https://docs.vmware.com/en/VMware-Tools/12.0/rn/VMware-Tools-1200-Release-Notes.htm
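
To find the guests that still need the update, the following added example (not part of the original advisory and not VMware code) triages an inventory of VMware Tools version strings against the fixed release 12.0.0. It assumes strings in the `<version> (build-<n>)` shape that `VMwareToolboxCmd.exe -v` reports; the hostnames and version values in the sample are constructed.

```python
import re

FIXED = (12, 0, 0)  # first fixed release named in the advisory

# Leading dotted-numeric version, optionally followed by " (build-NNN)".
_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+){1,3})\b")


def parse_version(text):
    """Return the version as a tuple of ints, or None if unparseable."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))


def is_affected(text):
    """True if prior to 12.0.0, False if fixed, None if the version is unknown."""
    v = parse_version(text)
    if v is None:
        return None
    # Compare major.minor.patch only; pad short versions such as "12.1".
    core = (v + (0, 0, 0))[:3]
    return core < FIXED


def triage(inventory):
    """Split {guest: version string} into affected / fixed / unknown lists."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for guest, text in sorted(inventory.items()):
        verdict = is_affected(text)
        key = "unknown" if verdict is None else ("affected" if verdict else "fixed")
        result[key].append(guest)
    return result


# Constructed sample inventory (hostnames and build numbers are made up).
SAMPLE = {
    "win-app-01": "11.3.5.31214 (build-18557794)",
    "win-db-02": "12.0.0.49005 (build-19345655)",
    "win-web-03": "10.3.10.1234 (build-1111111)",
    "win-old-04": "",      # Tools not installed or version not collected
    "win-new-05": "12.1",  # short form without build suffix
}

if __name__ == "__main__":
    for status, guests in triage(SAMPLE).items():
        print(f"{status}: {', '.join(guests) or '-'}")
```

Guests reported as unknown should be checked by hand rather than assumed patched.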
