Vulnerability Found in VMware Tools for Windows

VMware-Tools-for-Windows-Vulnerability

VMware published a security bulletin VMSA-2020-002 (CVE-2020-3941) concerning a vulnerability within VMware Tools 10.

In their security advisory, the virtualization giant explains that "A vulnerability that was removed from VMware Tools 11.0.0 has been determined to affect VMware Tools for Windows version 10.x.y. Workarounds are available to address this vulnerability in all affected versions if you're unable to update to version 11."

The vulnerability allows a local user to gain access to sensitive information or even to expand their rights on a Windows Virtual Machine. The vulnerability is known as a 'Race Condition' meaning that it becomes a bug or threat when one of the few possible behaviors are unwanted.

With a CVSSv3 rating of 7.8, we advise you to update all VMware installations. It has the potential to affect a lot of IT environments since it applies to all versions of VMware Tools 10. To remediate CVE-2020-3941, you can update to version 11.0 or later.

Find Affected VMware Installations in Your Network

If you currently have VMware Tools deployed on your workstations, it's pretty critical that you update them at the earliest opportunity to ensure that you don't fall prey to this exploit. Our VMware Tools Vulnerability Audit Report can tell you in no time which devices still have an outdated Firefox version in place and need to be patched.

VMware vulnerability audit

If you haven't already, start your 30-day Lansweeper trial and audit your network in no time.

Share

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

Try Lansweeper for Free

Learn why Lansweeper is used by thousands of enterprises worldwide.​
FREE WHITE PAPER
Why centralized IT Asset Discovery is more crucial than ever.