Categories: Security Update

VMware Released Critical Security Updates for Multiple Vulnerabilities Including L1 Terminal Fault

VMware has released Security patches that affected multiple products includes vSphere, Workstation, Fusion, and Virtual Appliances. Successful exploitation of these vulnerability leads to sensitive information disclosure.

VMware Security patches

VMSA-2018-0021

With the security update, VMware address L1 Terminal Fault OS vulnerability in VMware Virtual Appliances, successful exploitation of the vulnerability leads to unauthorized disclosure of information that resides in L1 data cache to an attacker with local user access.

VMware Security UpdatesVMware Security Updates

The vulnerability can be tracked as CVE-2018-3620, the impact of the vulnerability is moderate and the Patches are Pending. VMware recommends contacting your 3rd party operating system vendor to determine the mitigations.

VMSA-2018-0020

VMware vSphere, Workstation, and Fusion updates enable Hypervisor-Specific Mitigations for L1 Terminal Fault. Successful exploitation of the vulnerability allows a VM running in the same CPU core to effectively read another VM’s privileged information that resides in the L1 data cache.

The vulnerability can be tracked as CVE-2018-3646 and it has two attack vectors Sequential-Context and Concurrent-Context. Vmware released patches only the Sequential-context attack vector and the Concurrent-Context can be mitigated by enabling a feature ESXi Side-Channel-Aware Scheduler.

VMSA-2018-0022

The update is to address out-of-bounds write issue with VMware Workstation and Fusion in e1000 device allow a guest user to execute code. The critical Vulnerability can be tracked as CVE-2018-6973.

The code execution vulnerability has been fixed with VMware Workstation Pro/Player version 14.1.3 and with VMware Fusion Pro / Fusion 10.1.3.

Also Read

Adobe Released August Patch Covering 11 Vulnerabilities That Affects Multiple Popular Adobe Products

TLS 1.3 Released – Most Important Security Protocol on the Internet with Extreme Privacy, Security, and Performance

Oracle Released Security Update Addresses a Critical Database Vulnerability That Affects Multiple Versions

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

ThreatBook Recognized as a Notable Vendor in Global Network Analysis and Visibility (NAV) Report

ThreatBook, a global leader cyber threat and response solutions backed by threat intelligence and AI,…

2 hours ago

Hackers Target Mobile Users Using PWA JavaScript to Bypass Browser Security

A sophisticated new injection campaign has been uncovered, targeting mobile users through malicious third-party JavaScript…

14 hours ago

Docker Zombie Malware Infects Containers for Crypto Mining and Self-Replication

A novel malware campaign targeting containerized infrastructures has emerged, exploiting insecurely exposed Docker APIs to…

14 hours ago

Hackers Masquerade as Organizations to Steal Payroll Logins and Redirect Payments from Employees

ReliaQuest, hackers have deployed a cunning search engine optimization (SEO) poisoning scheme to orchestrate payroll…

15 hours ago

PupkinStealer Exploits Web Browser Passwords and App Tokens to Exfiltrate Data Through Telegram

A newly identified .NET-based information-stealing malware, dubbed PupkinStealer (also known as PumpkinStealer in some reports),…

15 hours ago

71 Fake Websites Impersonating German Retailer to Steal Payment Information

Recorded Future Payment Fraud Intelligence has uncovered a sprawling network of 71 fraudulent e-commerce domains…

15 hours ago