VMware published a security bulletin VMSA-2020-002 (CVE-2020-3941) concerning a vulnerability within VMware Tools 10.
In their security advisory, the virtualization giant explains that “A vulnerability that was removed from VMware Tools 11.0.0 has been determined to affect VMware Tools for Windows version 10.x.y. Workarounds are available to address this vulnerability in all affected versions if you’re unable to update to version 11.“
The vulnerability allows a local user to gain access to sensitive information or even to expand their rights on a Windows Virtual Machine. The vulnerability is known as a ‘Race Condition’ meaning that it becomes a bug or threat when one of the few possible behaviors are unwanted.
With a CVSSv3 rating of 7.8, we advise you to update all VMware installations. It has the potential to affect a lot of IT environments since it applies to all versions of VMware Tools 10. To remediate CVE-2020-3941, you can update to version 11.0 or later.
Find Affected VMware Installations in Your Network
If you currently have VMware Tools deployed on your workstations, it’s pretty critical that you update them at the earliest opportunity to ensure that you don’t fall prey to this exploit. Our VMware Tools Vulnerability Audit Report can tell you in no time which devices still have an outdated Firefox version in place and need to be patched.
If you haven’t already, start your 14-day Lansweeper trial and audit your network in no time.