VMware has issued a critical security alert for
- VMware ESXi (ESXi)
- VMware vCenter Server
- VMware Workstation Pro / Player (Workstation)
- VMware Fusion Pro, Fusion (Fusion)
regarding a number of issues. The most important is an out-of-bounds write vulnerability in VMware’s products allows guests to break out of their isolation. This means a malicious actor who has compromised a virtual host could escape the constraints of the virtual machine and execute malicious code on the machine the VM is running on. Anyone running these applications should check VMware’s site (below) and apply the appropriate patches as soon as possible.
References:
https://www.vmware.com/security/advisories/VMSA-2017-0015.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4924