VMware issues fix for critical virtual machine flaw
VMware has released seven security updates for a number of its virtualisation products, including VMware Workstation, Horizon View Client, VMware Player and Fusion. The most critical fix is for a vulnerability which, if exploited, could enable hackers to break out the virtual machine and execute malicious code on the host operating system.
Kostya Kortchinsky, a security researcher from Google Security, discovered the flaw, which lies with how the printer virtualisation feature allows the virtual machine's guest OS to access the printer attached to the host computer.
This vulnerability is present in the Windows versions of VMware Workstation, VMware Player and Horizon clients.
"On VMware Workstation 11.1, the virtual printer device is added by default to new VMs, and on recent Windows Hosts, the Microsoft XPS Document Writer is available as a default printer," Kortchinsky explained in an advisory. "Even if the VMware Tools are not installed in the Guest, the COM1 port can be used to talk to the Host printing Proxy."
Kortchinsky added that an attacker with access to guest OS could send EMFSPOOL and EMF files to the virtual COM1 serial port in order to exploit various vulnerabilities in the printer proxy process running on the host OS and then execute rogue code.
If a patch cannot be applied, the researcher advises disabling the virtual printer or even removing it entirely from the virtual machine settings.
Some of the other vulnerabilities can also be used to launch a denial-of-service (DoS) attack against Windows system running the vulnerable VMware software.
VMware has addressed these flaws, which mostly resolve around memory corruption issues, in the newly released VMware Workstation 11.1.1 and 10.0.6; VMware Player 7.1.1 and 6.0.6 and the VMware Horizon Client for Windows 3.4.0, 3.2.1 and 5.4.2.