

Rewterz Threat Alert – Coronavirus Campaigns – KBot, Azorult, CoronaVirus Ransomware, MBR Wiper
March 13, 2020
Rewterz Threat Advisory – Slack fixes Vulnerability Exploitable for Session Hijacking
March 17, 2020
Severity
High
Analysis Summary
CVE-2019-5543
For VMware Horizon Client for Windows, VMRC for Windows and Workstation for Windows, the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user.
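One way to check a host for the condition behind CVE-2019-5543, as an added example that is not from the advisory or from VMware: the script below lists allow entries that give broad local groups write access to a folder. The folder path is a required parameter because the advisory does not name it, and the set of groups and rights treated as risky is this example's assumption.

```powershell
# Added example: audit a folder ACL for write access granted to broad local groups.
param(
    # Placeholder input: the advisory does not name the folder. Pass the USB
    # arbitration service configuration folder of your own installation.
    [Parameter(Mandatory = $true)]
    [string]$Path
)

# Well-known SIDs that cover every (or nearly every) local user. Assumed list.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that allow creating, changing or replacing files in the folder.
$writeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Some ACEs carry generic bits instead: GENERIC_WRITE (0x40000000), GENERIC_ALL (0x10000000).
$writeMask = [int]$writeRights -bor 0x40000000 -bor 0x10000000

# Resolve rules to SIDs so the check does not depend on localized group names.
$acl   = Get-Acl -LiteralPath $Path
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$findings = foreach ($rule in $rules) {
    $sid = $rule.IdentityReference.Value
    # Only allow entries for broad groups matter here. Deny entries are not
    # evaluated, so review any finding against the full ACL.
    if ($rule.AccessControlType -ne 'Allow' -or -not $broadSids.ContainsKey($sid)) { continue }
    if (([int]$rule.FileSystemRights -band $writeMask) -eq 0) { continue }

    [pscustomobject]@{
        Folder    = $Path
        Principal = $broadSids[$sid]
        Rights    = $rule.FileSystemRights
        Inherited = $rule.IsInherited
        AppliesTo = $rule.InheritanceFlags
    }
}

if ($findings) {
    Write-Warning "Write access for broad groups found on $Path"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No allow entry grants write access to broad groups on $Path"
}
```

A finding marked `Inherited = True` comes from a parent folder, so that is where the ACL needs correcting once the update is installed.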
CVE-2020-3947
VMware Workstation and Fusion contain a use-after-free vulnerability in vmnetdhcp. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine.
CVE-2020-3948
Linux Guest VMs running on VMware Workstation and Fusion contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint. Exploitation is only possible if virtual printing is enabled in the Guest VM. Virtual printing is not enabled by default on Workstation and Fusion. Local attackers with non-administrative access to a Linux guest VM with virtual printing enabled may exploit this issue to elevate their privileges to root on the same guest VM.
Impact
- Unauthorized command execution
- Denial of Service
- Privilege Escalation
Affected Vendors
VMware
Affected Products
- VMware Workstation Pro / Player (Workstation) 15.x
- VMware Fusion Pro / Fusion (Fusion) 11.x
- Horizon Client for Windows 5.x and prior
- VMRC for Windows 10.x
Remediation
Update VMware Workstation Pro and Player to version 15.5.2:
VMware Workstation Pro 15.5.2
https://www.vmware.com/go/downloadworkstation
https://docs.vmware.com/en/VMware-Workstation-Pro/index.html
VMware Workstation Player 15.5.2
Update VMware Fusion to version 11.5.2:
VMware Fusion 11.5.2
https://www.vmware.com/go/downloadfusion
https://docs.vmware.com/en/VMware-Fusion/index.html
Update VMware Horizon Client for Windows to version 5.3.0:
VMware Horizon Client for Windows 5.3.0
https://my.vmware.com/web/vmware/details?downloadGroup=CART20FQ4_WIN_530&productId=863
https://docs.vmware.com/en/VMware-Horizon-Client/index.html
Update VMware Remote Console for Windows to 11.0.0:
VMware Remote Console for Windows 11.0.0
https://my.vmware.com/web/vmware/details?downloadGroup=VMRC1100&productId=742
https://docs.vmware.com/en/VMware-Remote-Console/index.html