VMware has released patches that address a severe security flaw that lies in the VMware Tools suite of utilities. The patch was released on August 23, and fixes CVE-2022-31676. This flaw could be exploited by remote threat actors with local access to the Guest OS. Ultimately the vulnerability could be leveraged to escalate privileges as a root user in the virtual machine environment. The flaw impacts software applicable to both Windows and Linux systems and is an example of the inherent risks of virtualization security.
The privilege escalation vulnerability was evaluated as being in the Important severity range on the Common Vulnerability Scoring System (CVSS). The flaw received a score of 7.0. VMware released an advisory urging its users to implement the patch as soon as possible in order to protect themselves from exploitation of the flaw. The company also provided a link to its External Vulnerability Response and Remediation Policy webpage, which allows users to report additional vulnerabilities and see past security advisories.
Read More: VMware Fixes Privilege Escalation Vulnerabilities in VMware Tools