VMWare Workstation and Fusion users beware! The government’s Cabinet Division has issued a critical cybersecurity advisory regarding serious vulnerabilities in these popular virtualization software programs. These vulnerabilities could allow attackers to gain unauthorized access to systems and potentially steal sensitive data.
What are the vulnerabilities?
The advisory details four concerning vulnerabilities:
- CVE-2024-22267: This vulnerability allows an attacker with local administrative privileges on a virtual machine to potentially execute malicious code on the entire host system. This could grant them complete control over your computer.
- CVE-2024-22268: This vulnerability could be exploited to crash a virtual machine, rendering it unusable (denial-of-service attack).
- CVE-2024-22269 & CVE-2024-22270: These vulnerabilities allow attackers with local administrative privileges to potentially access sensitive information stored within the virtual machine, including potentially privileged data from the host system.
Must Read: PTA Initiates Tender for Advanced Firewalls to Enhance Internet Control in Pakistan
How can these vulnerabilities affect you?
These vulnerabilities pose a significant risk to users of VMWare Workstation and Fusion. If exploited, attackers could steal sensitive data, disrupt your work, or even take control of your entire system.
How to stay safe?
The good news is that these vulnerabilities have been patched by VMWare. To protect yourself, it’s crucial to update your software immediately:
- Update VMWare Workstation to version 17.5.2 or later.
- Update VMWare Fusion to version 13.5.2 or later.
The Cabinet Division urges all users, including government agencies, to implement these updates as soon as possible. By patching these vulnerabilities, you can significantly reduce the risk of a cyberattack.
Remember: Keeping your software up-to-date is essential for maintaining a strong security posture. By following this advisory and patching promptly, you can help safeguard your systems and data.
