IT conglomerate VMware, a Broadcom subsidiary, has flagged a number of vulnerabilities in hypervisors. These vulnerabilities could permit attackers to interfere with or break into operations. VMware, noting the high severity of these vulnerabilities, has advised immediate action.
These security gaps could facilitate malicious activities disrupting system performance and data integrity. To combat this, VMware has launched security updates and patches to rectify the vulnerabilities. Users are urged to implement these updates promptly to avert a security breach.
The flaws considered most prominent are CVE-2024-22252 and 22253, with scores of 9.3/10 and 8.4/10 on VMware’s severity scale for its desktop and server hypervisors respectively. These vulnerabilities could let malicious individuals run harmful codes beyond their allocated areas. Prompt remedial measures such as patches and updates are strongly recommended.
Following the identification of these vulnerabilities, VMware has called for urgent action per IT Infrastructure Library protocols. Even unsupported versions of certain platforms need risk mitigation tactics due to an additional flaw, CVE-2024-2225. VMware strongly stresses the need for system updates and regular security patches for efficient combating of such vulnerabilities.
The vulnerabilities are predominantly related to virtual USB controllers. VMware suggests removal of such controllers from Virtual Machines (VMs) and invokes a focus on maintaining stringent security protocols and regular monitoring of VM activities. Regular software updates and user education about potential risks and mitigation tactics are strongly advised.
An additional vulnerability, CVE-2024-22254, allows malicious activity like performing out-of-bounds write actions, offering opportunities to breach the safety sandbox. Swift action is recommended to tackle CVE-2024-22254, including regular system updates and installation of patches as soon as they are available.
These vulnerabilities, though serious, do not grant full hypervisor access, thus largely keeping virtual machines safe from cyberattacks. VMware continues to recommend removal of non-critical devices like USB controllers as a good security practice.
