CrowdStrike Update Causes BSOD Issues Globally – Audit Available 🛡️ Learn more

TRY NOW

VMware Workstation and Fusion Vulnerability Audit – VMSA-2024-0006

Software Vulnerability

Discover VMware Workstation and Fusion Installations Vulnerable to CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, and CVE-2024-22255 in Your IT Estate

VMware has released security updates for ESXi, Workstation, and Fusion in response to 4 new vulnerabilities. Together, all 4 of these issues are considered critical with CVSS scores ranging from 7.1 to 9.3. It concerns 2 use-after-free vulnerabilities in the UHCI USB controller (CVE-2024-22252 and CVE-2024-22253), 1 ESXi out-of-bounds write vulnerability (CVE-2024-22254), and an information disclosure vulnerability in UHCI USB controller (CVE-2024-22255). If successfully exploited these issues can lead to remote code execution.

All users are advised to update their installations of VMware ESXi, Workstation, and Fusion to a fixed version as soon as possible. The report below will give you an overview of all vulnerable Workstation and Fusion installations in your network. You can find a similar report for ESXi here. You can read more about these vulnerabilities in the VMWare ESXI, Workstation, and Fusion vulnerability blog post.

VMware Workstation and Fusion Vulnerability Audit Report

VMware VMSA-2024-0006 Workstation and Fusion Vulnerability Audit Lansweeper On-Prem Query

Select distinct Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tsysAssetTypes.AssetTypename As AssetType,
tblAssets.Username,
tblAssets.Userdomain,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tblSoftwareUni.softwareName As Software,
tblSoftware.softwareVersion As Version,
Case
When (tblSoftwareUni.softwareName like '%VMware Workstation%')
Then '17.5.1 or higher'
End As [Fixed Version],
tblSoftwareUni.SoftwarePublisher As Publisher,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.SP,
Case
When tblErrors.ErrorText Is Not Null Or
tblErrors.ErrorText != '' Then
'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
Else ''
End As ScanningErrors,
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID AND tblSoftwareUni.softwarename like '%VMware Workstation%'
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
Where 
(Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 17 AND
Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) = 5 AND
Cast(ParseName(tblSoftware.softwareVersion, 1) As bigint) < 1) or
(Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 17 AND
Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) < 5)
UNION
Select distinct Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tsysAssetTypes.AssetTypename As AssetType,
tblAssets.Username,
tblAssets.Userdomain,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tblSoftwareUni.softwareName As Software,
tblMacApplications.Version As Version,
Case
When tblSoftwareUni.softwareName like '%vmware fusion%'
Then '13.5.1 or higher'
End As [Fixed Version],
tblSoftwareUni.SoftwarePublisher As Publisher,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.SP,
Case
When tblErrors.ErrorText Is Not Null Or
tblErrors.ErrorText != '' Then
'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
Else ''
End As ScanningErrors,
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblMacApplications On tblAssets.AssetID = tblMacApplications.AssetID
Inner Join tblSoftwareUni On tblSoftwareUni.SoftID =
tblMacApplications.softid AND (tblSoftwareUni.softwareName like '%vmware fusion%')
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
Where
((IsNumeric(ParseName(tblMacApplications.Version, 3)) = 1 AND
Cast(ParseName(tblMacApplications.Version, 3) As bigint) = 13)
AND
(IsNumeric(ParseName(tblMacApplications.Version, 2)) = 1 AND
Cast(ParseName(tblMacApplications.Version, 2) As bigint) = 5 )
AND
(IsNumeric(ParseName(tblMacApplications.Version, 1)) = 1 AND
Cast(ParseName(tblMacApplications.Version, 1) As bigint) < 1)) or
((IsNumeric(ParseName(tblMacApplications.Version, 3)) = 1 AND
Cast(ParseName(tblMacApplications.Version, 3) As bigint) = 13)
AND
(IsNumeric(ParseName(tblMacApplications.Version, 2)) = 1 AND
Cast(ParseName(tblMacApplications.Version, 2) As bigint) < 5 ))

Show

Hide

NO CREDIT CARD REQUIRED

Ready to get started?
You'll be up and running in no time.

Explore all our features, free for 14 days.