VMware Releases Fix for Critical Guest-to-Host Vulnerability


A security update has been released that fixes a Critical vulnerability in VMware Workstation Pro that could allow an application running in a guest environment to execute a command on the host.


This vulnerability is in the Windows vmnetdhcp service, which is used to assign IP addresses to guests via DHCP.


According to a VMware advisory, this vulnerability could allow attackers to perform a denial-of-service attack or execute commands on the Windows host.


"Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine."


This could allow a malicious program, such as malware, to utilize the vulnerability to escape from the guest and take full control over the host PC.


While no known exploit exists at this point, as shown by Microsoft's recent SMBv3 vulnerability, researchers and attackers are known to quickly analyze and create proof-of-concept exploits once a vulnerability is announced.


Due to the critical nature of this vulnerability, it is strongly advised that users upgrade VMware Workstation as soon as possible.


The affected products are:


VMware Workstation Pro / Player (Workstation)
VMware Fusion Pro / Fusion (Fusion)
VMware Horizon Client for Windows
VMware Remote Console for Windows (VMRC for Windows)

To resolve this vulnerability, VMware Workstation users should upgrade to version 15.5.2.


