Recently, VMware has disclosed the status of the integer overflow vulnerabilities in the virtual network devices. It was discovered by Tianwen Tang of Qihoo 360’s Vulcan Team at “The Tianfu Cup PWN Competition”
The white hat hackers earned huge amount of dollars for the zero-day exploits at this competition which took place on 16th and 17th of November in Chengdu, China. Tianwen has received $100,000 for exploiting this integer overflow issue.
The Virtualization giant VMware has released the Patches to this Vulnerability and it is time to upgrade your VMware workstation of Fusion versions to mitigate the vulnerability. This vulnerability may allow the guest Operating System to execute a malicious code on the host and host can be malfunctioned with these.
What Are The Affected Versions
Mainly, most of the VMware Workstation 15.x and 14.x and VMware Fusion 10.x and 11.x affected with this and these should be replaced with below versions. Unfortunately, there is no a migration or upgrade path to these versions and, uninstalling the old version and re-installing the correct versions is the viable solution.
| Product Version | Running Operating System | New Version Or The Patch |
| VMware Workstation 15.x | Any Operating System | 15.0.2 |
| VMware Workstation 14.x | Any Operating System | 14.1.5 |
| VMware Fusion 11.x | OS X | 11.0.2 |
| VMware Fusion 10.x | OS X | 10.1.5 |
VMware Workstation and Fusion Downloads:
How To Update VMware Workstation
VMware workstation can be upgraded directly to this version (14.1.5) from the updates section. Before you upgrade just check the available version of your VMware workstation.
Goto Help -> About VMware Workstation in the menu
Clik here to view.
Check the Running version of the VMware Workstation, if you have the version 14.1.5, you have the latest version at the time of writing this article and you don’t have to worry about that, but in my case I have the update.
Clik here to view.
To update the version, go to Help -> Software Updates
Clik here to view.
Once you get the Software Updates window click on “Check for Updates” button
Clik here to view.
It will check the updates with the Updates Server
Clik here to view.
Since, it has the next numbered version for Workstation Pro it will prompt to download Workstation 15. If you are willing to download Workstation, click on “Get More Information” otherwise click cancel to continue the upgrade.
Clik here to view.
Click on “Download and Install” to start the upgrade
Clik here to view.
It will start downloading the after that
Clik here to view.
It will start the upgrade
Clik here to view.
So the next step is nothing special and it’s a generic installation and you need to close the Workstation, (not the installer) in order to start the upgrade.
Image may be NSFW.
Clik here to view.
All done, now you are protected with the Integer Overflow issue (VMSA-2018-0030).
References:
Article Short Link: https://tcrum.net/VMSA-2018-0030
If you found this post as useful please rate the post and share it!
The post Update VMware Workstation/Fusion To Address Integer Overflow Issue VMSA-2018-0030 appeared first on TECHCRUMBLE.