Vulnerability in VMware products allows code execution on a virtual machine host system

Chinese information security specialists have discovered visibility in VMware products, which allows an attacker to access the virtual machine and execute code on the host system.

The error was exploited during the PwnFest hacker competition, which took place as part of the Power of Community conference held in South Korea. Members of the Chinese research team Qihoo 360 also managed to crack a new smartphone from Google called Pixel, as well as Microsoft Edge and Adobe Flash, winning a total of more than half a million dollars in prize money - according to media reports, VMware was valued at $ 150,000.
')

What is the problem

Vulnerability CVE-2016-7461 is a drag-and-drop bug in VMware Workstation Pro and Player, as well as VMware Fusion and Fusion Pro.

According to the information provided in the VMware security bulletin, it allows access to the host system, in fact, to the hypervisor and, further, to all systems under its control, from the guest domain (isolated system).

guest user to execute code in the operating system of the computer on which the virtual machine is running.

How to protect

According to the company, the vulnerabilities are exposed to Workstation 12.x and Fusion 8.x - users are encouraged to upgrade to systems version 12.5.2 and 8.5.2, respectively.

According to VMware representatives, protection against exploitation of the vulnerability can also be achieved by disabling drag-and-drop and copy-and-paste (C & P) functions in Workstation Pro and Fusion. However, this method does not work for Workstation Player.

You can detect systems affected by this vulnerability using the MaxPatrol 8 system.

Vulnerabilities and exploits that allow attacking the host system of virtual machines appear regularly. So, in July 2015, a patch was released for a similar error in the QEMU emulator for the Xen hypervisor. In addition, in early November of this year, Austrian researchers presented a DRAMA attack , which allows them to steal data directly from isolated virtual machines.