VMWare issued security patches to close critical vulnerabilities in its hypervisor software including ESXi, Workstation and Fusion. The vulnerabilities, CVE-2020-4004 and CVE-2020-4005, could allow an attacker who compromises a virtual machine (VM) and has local administrator access to the guest VM to execute code as the VMX process on the host server, and then escalate their privileges after gaining access to VMX. VMWare also issued security updates for SD-WAN Orchestrator that close six vulnerabilities including SQL injection. Those vulnerabilities are not as critical as those targeting ESXi.
Analyst Notes
Binary Defense analysts have observed many attackers targeting vulnerable software in the days and weeks after patches are issued. It is important for organizations to have a robust vulnerability management program to assess which patches should be installed first and prioritize IT operations work to close the loop quickly on critical patches. ESXi servers in production environments that host virtual machines that are at risk for compromise (e.g. external facing web servers running on VMs) should be prioritized to receive this ESXi patch as soon as possible.
For more information, please see: https://www.helpnetsecurity.com/2020/11/20/vulnerabilities-esxi-hypervisor/
https://www.vmware.com/security/advisories/VMSA-2020-0026.html
