Simplicity Across Clouds Is Rare
91% of executives are looking to improve “consistency across [their] public cloud environments."
Applications Need to Be Modernized
68% of developers want to expand use of modern application frameworks, APIs and services.
Distributed Work Models Are Here to Stay
72% of enterprise employees are working from non-traditional environments.
Security Is a Top-Down Concern
Risk related to security, data and privacy issues remains the #1 multi-cloud challenge.
Get on a Faster Path to Prod
Build and deploy quickly and securely on any public cloud or on-premises Kubernetes cluster.
Simplify Kubernetes Operations
Build and operate a secure, multi-cloud container infrastructure at scale.
Pair with App Development Experts
Unlock value by modernizing your existing apps and building innovative new products.
Connect and Run with Confidence
Reduce time-to-value, lower costs, and enhance security while modernizing your private and public cloud infrastructure.
Enhance Digital Experiences
Securely, reliably, and optimally connect applications in the cloud and at the edge to deliver unique experiences.
Run enterprise apps at scale with a consistent cloud infrastructure across public clouds, data centers and edge environments.
Deliver an Engaging Experience
Put employees first with device choice, flexibility, and seamless, consistent, high-quality experiences.
Secure Today’s Anywhere Workspace
Ease the move to Zero Trust with situational intelligence and connected control points.
Accelerate IT Modernization
Manage to outcomes — not tasks — with intelligent compliance, workflow and performance management.
Secure & Connect Workloads
Operationalize consistent security and networking across apps, users, and entities with transparency built into our tools.
Protect APIs — the New Endpoints
Increase app velocity and centrally manage, secure, connect, and govern your clusters no matter where they reside.
Get built-in threat intelligence spanning users, endpoints and networks to evolve your protection in a dynamic landscape.
Deliver security and networking as a built-in distributed service across users, apps, devices, and workloads in any cloud.
Work with a VMware Partner
Partners deliver outcomes with their expertise and VMware technology, creating exceptional value for our mutual customers.
Become a Partner
Together with our partners, VMware is building the new multi-cloud ecosystem positioned to become essential to our customers.
VMware Workstation, Fusion, ESXi and ESX patches address a vulnerability in the LGTOSYNC.SYS driver which could result in a privilege escalation on older Windows-based Guest Operating Systems.
VMware Workstation 9.x prior to version 9.0.3
VMware Player 5.x prior to version 5.0.3
VMware Fusion 5.x prior to version 5.0.4
VMware ESXi 5.1 without patch ESXi510-201304102
VMware ESXi 5.0 without patch ESXi500-201303102
VMware ESXi 4.1 without patch ESXi410-201301402
VMware ESXi 4.0 without patch ESXi400-201305401
VMware ESX 4.1 without patch ESX410-201301401
VMware ESX 4.0 without patch ESX400-201305401
a. VMware LGTOSYNC privilege escalation.
VMware ESX, Workstation and Fusion contain a vulnerability in the handling of control code in lgtosync.sys. A local malicious user may exploit this vulnerability to manipulate the memory allocation. This could result in a privilege escalation on 32-bit Guest Operating Systems running Windows 2000 Server, Windows XP or Windows 2003 Server on ESXi and ESX; or Windows XP on Workstation and Fusion.
The vulnerability does not allow for privilege escalation from the Guest Operating System to the host. This means that host memory can not be manipulated from the Guest Operating System.
VMware would like to thank Derek Soeder of Cylance, Inc. for reporting this issue to us.
The Common Vulnerabilityies and Exposures project (cve.mitre.org) has assigned the name CVE-2013-3519 to this issue.
Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
* Notes on updating VMware Guest Tools:
After the update or patch is applied, VMware Guest Tools must be updated in any pre-existing Windows-based Guest Operating System followed by a reboot of the guest system.
ESXi and ESX
update-from-esxi5.1-5.1_update01.zip contains ESXi510-201304102-SG
ESXi500-201303001.zip contains ESXi500-201303102-SG
ESXi410-201301001 contains ESXi410-201301402-BG
ESXi400-201305001 contains ESXi400-201305401-SG
ESX410-201301001 contains ESX410-201301401-SG
ESX400-201305001 contains ESX400-201305401-SG
Initial security advisory in conjunction with the release of VMware Fusion 5.0.4 on 2013-12-03.
E-mail list for product security notifications and announcements:
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories
VMware security response policy
General support life cycle policy
VMware Infrastructure support life cycle policy
Copyright 2013 VMware Inc. All rights reserved.