autotldr@lemmings.world 2 points 8 months ago

This is the best summary I could come up with:


The flaws earned those ratings as they mean a malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code outside the guest.

Workarounds for the flaws even apply to vSphere 6.x – a now unsupported version of VMware's flagship server virtualization platform.

Yet VMware's FAQ admits doing so "may not be feasible at scale" as "some supported operating systems require USB for keyboard & mouse access via the virtual console."

The FAQ adds: "That said, most Windows and Linux versions support use of the virtual PS/2 mouse and keyboard," and removing unnecessary devices such as USB controllers is recommended as part of the security hardening guidance VMware publishes.

Interestingly, some of the flaws were discovered by researchers at 2023's Tianfu Cup Pwn Contest – China's equivalent of the Pwn2Own infosec attack-fest.

Also thanked were Jiaqing Huang and Hao Zheng from the TianGong Team of Legendsec at Qi'anxin Group, as they found some of the flaws independently.


The original article contains 416 words, the summary contains 163 words. Saved 61%. I'm a bot and I'm open source!

this post was submitted on 07 Mar 2024

Cybersecurity News
