Rewterz

Rewterz Threat Alert – The BazarCall Method BazarLoader Malware Uses – Active IOCs

May 21, 2021
Rewterz

Rewterz Threat Advisory – CVE-2021-31474 – SolarWinds Network Performance Monitor code execution

May 21, 2021

Rewterz Threat Advisory – VMware Workstation Multiple Vulnerabilities

Severity

Low

Analysis Summary

CVE-2021-2198, CVE-2021-21988, and CVE-2021-21989

VMware Workstation and Horizon client for Windows contains multiple out-of-bounds read vulnerabilities in the Cortado ThinPrint component. The JPED2000 and TTC parsers are affected by these issues. A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.

Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client for Windows.

Impact

Information Disclosure

Affected Vendors

VMware

Affected Products

  • VMware Horizon Client for Windows 5.x and prior
  • VMware Workstation Pro / Player (Workstation) 16.x

Remediation

Download the latest patches and update to version 16.1.2 from https://www.vmware.com/security/advisories/VMSA-2021-0009.html#

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.