ESX 3.5 Security Update

A couple of days ago VMware released an important security update for its ESX 3.5 and ESX 3.5i products. According to KB article 1009852, updated on April 10th 2009, a critical vulnerability in the virtual machine display function might allow a guest operating system to run code on the host. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1244 to this issue.

This issue is different from the vulnerability in a guest virtual device driver reported in VMware security advisory VMSA-2009-0005 on the 3rd of April 2009. That vulnerability can cause a potential denial of service and is identified by CVE-2008-4916.

For those of you not using Update Manager to download and patch your infrastructures regularly, you can download the patch from here and apply it, after fully testing it of course!