Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Privilege Escalation Flaw Haunts VMware Tools

Virtualization technology software giant VMware on Tuesday released patches to fix an important-severity security flaw in the VMware Tools suite of utilities.

The vulnerability, tracked as CVE-2022-31676, could be exploited by attackers to escalate privileges on a compromised system.

Virtualization technology software giant VMware on Tuesday released patches to fix an important-severity security flaw in the VMware Tools suite of utilities.

The vulnerability, tracked as CVE-2022-31676, could be exploited by attackers to escalate privileges on a compromised system.

“VMware Tools was impacted by a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine,” VMWare said in an advisory.

VMware Tools is a suite of utilities used to enhance the performance of the virtual machine’s guest operating system and improves management of the virtual machine. 

The company said the flaw affects VMware Tools on both Windows and Linux platforms.

Related: VMware Calls Attention to High-Severity vCenter Server Flaw

Related: VMware Ships Urgent Patch for Authentication Bypass Security Hole

Related: Exploit Code Published for Critical VMware Security Flaw

Advertisement. Scroll to continue reading.
Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.