VMware ACE 1.0 Release Notes
Knowledge Base |
Release Date: November 06, 2008
Build Number: 125922
VMware ACE allows security administrators to protect critical company resources against the risks that unmanaged computers present. This document also contains new features, limitations, caveats, security fixes, and general release information.
This document covers the following topics:
What's New in VMware ACE 1.0.x
This section lists all VMware ACE 1.0.x maintenance releases.
What's New in ACE 1.0.1
VMware ACE 1.0.1 provides the following features:
Support for BIOS Passwords
For enhanced security, the administrator can set a BIOS password to prevent unauthorized changes to the BIOS settings of a virtual machine.
Support for Drag and Drop Function
You can use drag and drop to copy files between a virtual machine running in a VMware ACE environment and the host computer. The administrator who is configuring the virtual machine can enable or disable this feature.
In VMware ACE Manager, choose VM > Settings > Options
> Guest Isolation. The setting applies to the individual virtual machine.
Enhanced Full Screen Display
Running a VMware ACE environment in full screen mode does not change the resolution of the host display. The VMware ACE environment automatically adjusts according to the changes in host's display resolution while VMware ACE is running. If the display resolution of the VMware ACE environment is higher than that of the host, scroll bars allow the user to move in the VMware ACE display. VMware ACE is aware of multiple monitors, if they are configured on the host. These enhancements improve the end-user experience.
Support for Guest Operating Systems
This release adds support for the following guest operating systems:
- Windows Server 2003 Service Pack 1
- Novell Linux Desktop 9
- Red Hat Enterprise Linux 4
- Red Hat Enterprise Linux 3 Update 4
- Red Hat Enterprise Linux 3 Update 3
- Red Hat Enterprise Linux 2.1 Update 6
- SUSE LINUX Enterprise Server 9 Service Pack 1
- SUSE LINUX 9.2
What's New in VMware ACE 1.0
VMware ACE 1.0 provides the following features:
- Design once, deploy anywhere — Create standardized hardware-independent PC environments and deploy them to any PC throughout the extended enterprise.
- Virtual Rights Management interface — Controls VMware ACE lifecycle, security settings, network settings, system configuration, and user interface capabilities.
- Rules-based network access — Identify and quarantine unauthorized or out-of-date VMware ACE environments. Enable access to the network after the VMware ACE environment complies with IT policies.
- Tamper-resistant computing environment — Protect the entire VMware ACE environment, including data and system configuration, with seamless encryption.
- Copy protected computing environment — Prevent end users from copying enterprise information.
- Customizable interface — Customize the behavior and look and feel for end users.
- Flexible computing environment — End users can revert to a previous state within seconds and can work online or when disconnected from the enterprise network.
Before You Begin
Installing on a Computer with a Different VMware Product
VMware ACE Manager cannot be installed on a computer where VMware Workstation or VMware Server is installed. If you have one of these products installed on the computer where you want to install VMware ACE Manager, use the Add/Remove Programs in the control panel to remove the existing product, and then install VMware ACE Manager.
You can install VMware ACE Manager on a computer that has VMware Remote Console or VMware VirtualCenter installed.
Follow the same guidelines for the VMware ACE application installed on end user computers.
Creating and Adding Virtual Machines
You can create new virtual machines in a VMware ACE project.
VMware ACE also allows you to use an existing virtual
machine, created under VMware Workstation 4.x or VMware Server 3.x,
in a project.
Install the Latest Version of VMware Tools
If you use virtual machines — either virtual machine created
in a different VMware product or virtual machine created in an earlier
release of VMware ACE — ensure that you install the version of VMware Tools
included in the latest release (in virtual machine, select Install VMware Tools).
The New Package Wizard stops you from creating a package if the
virtual machines do not have the current version of VMware Tools.
The following are known issues with VMware ACE
When you attempt to install VMware ACE 1.0.x on a host that already has a higher 1.0.x or 2.0.x version of ACE installed, the installation incorrectly indicates that a previous version of ACE is installed. If you proceed with installing, the higher version of VMware ACE is uninstalled and replaced with the lower version.
Manually uninstall the latest version before proceeding with the installation of the older version.
In the Japanese version of VMware ACE, text is corrupted in the installer during upgrades from VMware ACE versions 1.0.0, 1.0.1, 1.0.2, 1.0.3, or 1.0.4 to VMware ACE version 2.0.x.
Fixed in 1.0.8 | Fixed in 1.0.7 | Fixed in 1.0.5 | Fixed in 1.0.4 | Fixed in 1.0.3 | Fixed in 1.0.2 | Fixed in 1.0.1
This section provides the details of the issues resolved in various versions of VMware ACE 1.0.x.
VMware ACE 1.0.8
ACE 1.0.8 addresses the following security issue:
VMware Addresses Privilege Escalation on Guest Systems Running 32-Bit or 64-Bit Operating Systems
VMware products emulate hardware functions and create the possibility to run guest operating systems.
A flaw in the CPU hardware emulation might allow the virtual CPU to incorrectly handle the trap flag. Exploitation of this flaw might lead to a privilege escalation on guest operating systems.
An attacker needs a user account on the guest operating system and have the ability to run applications.
The Common Vulnerabilities and Exposures has assigned the name CVE-2008-4915 to this issue.
VMware ACE 1.0.7
ACE 1.0.7 addresses the following security issues:
Setting ActiveX killbit
Starting from this release, VMware has set the killbit on its ActiveX controls. Setting the killbit ensures that the ActiveX controls cannot run in Internet Explorer (IE), and avoids security issues involving ActiveX controls in IE. See the KB 240797 from Microsoft and the related references on this topic.
Security vulnerabilities have been reported for ActiveX controls provided by VMware when run in IE. Under specific circumstances, exploitation of these ActiveX controls might result in denial-of-service or allow running of arbitrary code when the user browses a malicious Web site or opens a malicious file in IE browser. An attempt to run unsafe ActiveX controls in IE might result in pop-up windows warning the user.
IE can be configured to run unsafe ActiveX controls without prompting. VMware recommends that you retain the default settings in IE, which prompts when unsafe actions are requested.
Earlier, VMware had issued knowledge base articles, KB 5965318 and KB 9078920 on security issues with ActiveX controls.
To avoid malicious scripts that exploit ActiveX controls, do not enable unsafe ActiveX objects in your browser settings. As a best practice, do not browse untrusted Web sites as an administrator and do not click OK or Yes if prompted by IE to allow certain actions.
The Common Vulnerabilities and Exposures project has assigned the names CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696 to the security issues with VMware ActiveX controls.
Security Fix for Local Privilege Escalation on Host System
This release fixes a privilege escalation vulnerability in the host operating system. Exploitation of this vulnerability allows users to run arbitrary code on the host system with elevated privileges.
The Common Vulnerabilities and Exposures project has assigned the name CVE-2008-3698 to this issue.
Update to FreeType
FreeType 2.3.6 resolves an integer overflow vulnerability and other vulnerabilities that can allow malicious users to run arbitrary code or might cause a denial-of-service after reading a maliciously crafted file. This release updates FreeType to its latest version 2.3.7.
The Common Vulnerabilities and Exposures has assigned the names CVE-2008-1806,
CVE-2008-1807, and CVE-2008-1808 to the issues resolved in FreeType 2.3.6.
VMware ACE 1.0.5
ACE 1.0.5 addresses the following security issues:
- An internal security audit determined that a malicious user might attain the LocalSystem privileges. The user might make the authd process connect to a named pipe that is opened and controlled by the malicious user. In this situation, the malicious user might successfully impersonate authd and attain privileges under which authd is running.
- An internal security audit determined that a malicious user might exploit a nonsecure pipe object to escalate privileges or create a denial-of-service attack.
- A security vulnerability in OpenSSL 0.9.7j might make it possible to forge an RSA key signature. VMware ACE 1.0.5 upgrades OpenSSL to version 0.9.7l to prevent this vulnerability.
RSA Signature Forgery — CVE-2006-4339)
- This release updates the libpng library version to 1.2.22 to prevent various security vulnerabilities.
- A vulnerability in VMware ACE running on Windows allowed complete access to the host's file system from a guest machine. This access included the ability to create and modify executable files in sensitive locations.
- The authd process read and honored the vmx.fullpath variable in the user-writable file config.ini, creating a security vulnerability.
- A non administrator might be bale to modify the config.ini file to change the VMX launch path. This created a vulnerability that can be exploited to escalate user privileges.
VMware ACE 1.0.4
ACE 1.0.4 addresses the following security issues:
In addition, VMware ACE 1.0.4 fixes the following issue:
- This release fixes several security vulnerabilities in the VMware DHCP server, which might enable a malicious Web page to gain system-level privileges.
The Common Vulnerabilities and Exposures assigned the following names to these issues: CVE-2007-0061, CVE-2007-0062, and CVE-2007-0063.
Thanks to Neel Mehta and Ryan Smith of the IBM Internet Security Systems X-Force for discovering and researching these vulnerabilities.
- This release fixes a security vulnerability that might allow a guest operating system user with administrative privileges to cause memory corruption in a host process, and potentially allow running of arbitrary code on the host. The Common Vulnerabilities and Exposures project assigned the following name to this issue: CVE-2007-4496.
Thanks to Rafal Wojtczvk of McAfee for identifying and reporting this issue.
- This release fixes a security vulnerability that might allow a guest operating system user without administrator privileges to cause a host process to stop responding or exit unexpectedly, making the guest operating system unusable. The Common Vulnerabilities and Exposures project assigned the following name to this issue: CVE-2007-4497.
Thanks to Rafal Wojtczvk of McAfee for identifying and reporting this issue.
- This release fixes an issue that prevented VMware Player from launching. This issue was accompanied by the error message VMware Player unrecoverable error: (player) Exception 0xc0000005 (access violation) has occurred. This issue might result in a security vulnerability from some images stored in virtual machines downloaded by the user.
- This release fixes a security vulnerability that might allow a malicious remote user to exploit the library file IntraProcessLogging.dll to overwrite files in a system.
The Common Vulnerabilities and Exposures assigned the following name to this issue: CVE-2007-4059.
Thanks to the Goodfellas Security Research Team for discovering and researching these vulnerabilities.
- This release fixes a security vulnerability that might allow a malicious remote user to exploit the library file vielib.dll to overwrite files in a system.
The Common Vulnerabilities and Exposures assigned the following names to this issue: CVE-2007-4155.
Thanks to the Goodfellas Security Research Team for discovering and researching these vulnerabilities.
- This release fixes an issue that might result in a security vulnerability from some images stored in virtual machines downloaded by the user.
- This release fixes a security vulnerability in which VMware ACE was starting registered Windows services such as the Authorization service with bare (unquoted) paths, such as c:\program files\vmware\.... Applications and services in Windows must be started with a quoted path. This vulnerability might allow a malicious user to escalate user privileges.
Thanks to Foundstone for discovering this vulnerability.
In virtual machines running Red Hat Linux with kernel version 2.4.2, installing VMware Tools and selecting the default display resolution (800 x 600) causes the virtual machine to stop responding.
VMware ACE 1.0.3
ACE 1.0.3 addresses the following security issues:
In addition, VMware ACE 1.0.3 fixes the following issues:
- Virtual machines can be put in various states of suspension, as specified by the ACPI power management standard. When returning from a sleep state (S2) to the run state (S0), the virtual machine process (VMX) collects information about the last recorded running state for the virtual machine. Under some circumstances, VMX read state information from an incorrect memory location. This issue might be used to cause a successful denial-of-service attack where the virtual machine must be rebooted.
The Common Vulnerabilities and Exposures assigned the name CVE- 2007-1337 to this issue.
Thanks to Tavis Ormandy of Google for identifying this issue.
- Some VMware products support storing configuration information in VMware system files. Under some circumstances, a malicious user might instruct the virtual machine process (VMX) to store malformed data, causing an error. This error might enable a successful denial-of-service attack on guest operating systems.
The Common Vulnerabilities and Exposures assigned the name CVE-2007-1877 to this issue.
Thanks to Sungard Ixsecurity for identifying this issue.
- Some VMware products managed memory in a way that failed to gracefully handle some general protection faults (GPF) in Windows guest operating systems. A malicious user might use this vulnerability to stop Windows virtual machines. While this vulnerability might allow an attacker to stop a virtual machine, it is possible to escalate privileges or escape virtual containment.
The Common Vulnerabilities and Exposures assigned the name CVE-2007-1069 to this issue.
Thanks to Ruben Santamarta of Reversemode for identifying this issue.
- In a 64-bit Windows guest on a 64-bit host, debugging local programs might create system instability. Using a debugger to step into a syscall instruction might corrupt the virtual machine's register context. This corruption produces unpredictable results, including corrupted stack pointers, kernel bugchecks, or VMX process failures.
The Common Vulnerabilities and Exposures assigned the name CVE-2007-1876 to this issue.
Thanks to Ken Johnson for identifying this issue.
- Shared Folders is a feature that enables users of guest operating systems to access a specified set of folders in the host's file system. A vulnerability exists that might allow an attacker to write arbitrary content from a guest system to arbitrary locations on the host system. In order to exploit this vulnerability, the VMware system must have at least one folder shared. Although the Shared Folder feature is enabled by default, no folders are shared by default, which means this vulnerability is not exploitable by default.
The Common Vulnerabilities and Exposures assigned the name CVE-2007-1744 to this issue.
Thanks to Greg MacManus of iDefense Labs for identifying this issue.
- A malicious user might make plaintext additions to the encrypted preferences file by overwriting the file while VMware Player is running.
- In the previous ACE release, if you added a USB controller to a Windows virtual machine on
a Windows host and booted the virtual machine, the USB controller failed to initialize, with
the message "A supported host USB driver not found".
An issue with powering on virtual machines resulted from corruption of the
An issue with VMware Tools caused the guest to run out of memory.
The virtual machine fails to power on with error message Access to this virtual machine blocked. An error was encountered while checking if this VM was encrypted properly.
VMware ACE 1.0.2
ACE 1.0.2 addresses the security vulnerability in NAT Networking
This release addresses a security vulnerability that has been discovered in VMware ACE. Since this issue is serious, VMware recommends that you install the VMware ACE 1.0.2 update or disable NAT networking. For more information, see the following Knowledge Base articles:
VMware ACE 1.0.1
ACE 1.0.1 resolves the following issues:
- Virtual machine stops responding when host wakes from hibernation.
- Encrypted virtual machines fail to install with no error message if
there is not enough disk space.
- Reboot of host computer needed to enable advanced network quarantine.
- Packages created under an evaluation copy of VMware ACE Manager were not
correctly updated by the paid copy of VMware ACE Manager.
- Tab key behaves like Alt-Tab in Japanese Windows 95 guest after
Ctrl+Alt+Del or Ctrl+Alt+Insert is cancelled.
- Host quarantine's zone detection feature sometimes did not work
- Segmentation fault when running certain Java commands under SUSE LINUX
- Double-clicking the VMware ACE title bar changes the resolution of the
guest operating system display while switching to full screen mode.
- Guest operating system freezes when laptop host computer is undocked
from a docking station with a USB controller.
- Windows NT guest fails on Windows 2000 host.
- End user must minimize VMware ACE to view help.
Knowledge Base Articles
If you encounter any of the issues listed below, click the appropriate link
or go to the VMware knowledge base and enter the article number
as your search term.
You can also view a list of all knowledge base articles related to
VMware ACE 1.0.1.