Print this article  |  E-mail this article  |  Comment on this article

Security Vulnerability Found in VMware

By Nate Mook, BetaNews

December 21, 2005, 4:12 PM

A "very serious" security vulnerability has been discovered in VMware's line of virtual computing products, including VMware Workstation, GSX Server, ACE and VMware Player. The flaw could enable malware to effectively "jump" from the virtual machine onto the real computer running VMware software.

"Since VMware is used heavily in malware research, this is an obvious danger," says Alex Eckelberry, CEO of Sunbelt Software. VMware has posted updates to the affected products, which customers are urged to download immediately. Alternatively, users can disable the NAT service, which contains the vulnerability.

Add a Comment (6 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By Siyavash

posted Dec 21, 2005 - 7:40 PM

That's why I use Microsoft VirtualPC instead. =:D

Score: 0

By Vantorax

posted Dec 22, 2005 - 8:50 AM

And Microsoft has always been immune to nasty vulnerabilities?

Score: 0

By Mark Gillespie

posted Dec 22, 2005 - 7:07 AM

then you are a fool.

Score: 0

By PC_Tool

posted Dec 21, 2005 - 4:51 PM

Um...

*gasp*

A NAT gateway to my host PC means the guest OS can communicate to the Host?

Shocking!

...Idiots.

Score: 0

By NEOBassDUDE

posted Dec 21, 2005 - 4:21 PM

Thats just about the worst exploit you could have with this kind of software!

Score: 0

By Kramy

posted Dec 21, 2005 - 4:38 PM

Good thing they patched it immediately then!

Score: 0

Dec 4 - 11:47 AM ET The storm hits AT&T, with a five-digit headcount reduction

Dec 4 - 11:42 AM ET TV sports adopts Web coverage, plays with iPhones

Dec 4 - 11:24 AM ET Microsoft seeks 'community' help to make IE8 Standards Mode work out

Dec 4 - 10:43 AM ET Hitachi GST and Intel make a solid-state deal

Dec 3 - 11:36 PM ET Yahoo cedes Internet radio operations to CBS

Dec 3 - 5:54 PM ET Big BCS bowl game to land at CES 2009...in 3-D!

Dec 3 - 4:58 PM ET Songbird 1.0 music player makes a landing

Dec 3 - 3:41 PM ET Ted Rogers (1933-2008), giant of Canadian tech and media

Dec 3 - 2:27 PM ET Analysts: PC growth will slow, while notebooks remain a bright spot

Dec 3 - 1:58 PM ET RIM's third quarter outlook shouldn't shock, but does anyway