VMWare issued security patches to close critical vulnerabilities in its hypervisor software including ESXi, Workstation and Fusion. The vulnerabilities, CVE-2020-4004 and CVE-2020-4005, could allow an attacker who compromises a virtual machine (VM) and has local administrator access to the guest VM to execute code as the VMX process on the host server, and then escalate their privileges after gaining access to VMX. VMWare also issued security updates for SD-WAN Orchestrator that close six vulnerabilities including SQL injection. Those vulnerabilities are not as critical as those targeting ESXi.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in