Saturday, October 12, 2024

VMware Released Critical Security Updates for Multiple Vulnerabilities Including L1 Terminal Fault


VMware has released security patches affecting multiple products, including vSphere, Workstation, Fusion, and Virtual Appliances. Successful exploitation of these vulnerabilities leads to sensitive information disclosure.

VMware Security patches

VMSA-2018-0021

With this security update, VMware addresses the L1 Terminal Fault OS vulnerability in VMware Virtual Appliances. Successful exploitation of the vulnerability leads to unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access.


The vulnerability is tracked as CVE-2018-3620. Its impact is rated moderate, and patches are pending. VMware recommends contacting your third-party operating system vendor to determine the mitigations.
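While vendor patches are pending, an administrator can read what an appliance's guest kernel itself reports for L1TF. The following is an added example, not code from VMware or from this article; it assumes the appliance runs a Linux kernel that exposes the standard `vulnerabilities/l1tf` sysfs entry, and the sample status lines are constructed in the format the kernel documents.

```python
"""Report a Linux guest's L1TF (CVE-2018-3620) status from sysfs."""
from pathlib import Path

# Standard Linux sysfs location on kernels that report L1TF status.
L1TF_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/l1tf")


def parse_l1tf_status(text):
    """Split the kernel's one-line status into a dict of findings."""
    line = text.strip()
    result = {"raw": line, "affected": line != "Not affected",
              "os_mitigated": False, "vmx": None, "smt": None}
    if not result["affected"]:
        return result
    # Format: "Mitigation: PTE Inversion[; VMX: <state>[, SMT <state>]]"
    head, _, hyp = line.partition(";")
    result["os_mitigated"] = head.strip().startswith("Mitigation:")
    for field in hyp.split(","):
        field = field.strip()
        if field.startswith("VMX:"):
            result["vmx"] = field[len("VMX:"):].strip()
        elif field.startswith("SMT"):
            result["smt"] = field[len("SMT"):].strip()
    return result


def read_l1tf_status(path=L1TF_SYSFS):
    """Return the parsed status, or None if the kernel has no l1tf entry."""
    try:
        return parse_l1tf_status(Path(path).read_text())
    except FileNotFoundError:
        return None  # kernel does not report L1TF: check with the OS vendor


# Constructed sample lines (not captured from a real appliance).
SAMPLES = [
    "Not affected\n",
    "Mitigation: PTE Inversion\n",
    "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable\n",
    "Vulnerable\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_l1tf_status(sample))
    print("this host:", read_l1tf_status())
```

A result of `None` or `os_mitigated: False` on an affected CPU means the guest kernel still needs its vendor's update.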

VMSA-2018-0020

VMware vSphere, Workstation, and Fusion updates enable Hypervisor-Specific Mitigations for L1 Terminal Fault. Successful exploitation of the vulnerability allows a VM running on the same CPU core to effectively read another VM’s privileged information that resides in the L1 data cache.


The vulnerability is tracked as CVE-2018-3646 and has two attack vectors: Sequential-Context and Concurrent-Context. VMware released patches only for the Sequential-Context attack vector; the Concurrent-Context vector can be mitigated by enabling a feature, the ESXi Side-Channel-Aware Scheduler.

VMSA-2018-0022

This update addresses an out-of-bounds write issue in the e1000 device of VMware Workstation and Fusion that allows a guest user to execute code. The critical vulnerability is tracked as CVE-2018-6973.


The code execution vulnerability has been fixed in VMware Workstation Pro/Player version 14.1.3 and in VMware Fusion Pro / Fusion 10.1.3.


Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
