Summary: When running under VMware Workstation, Fusion, ESX or ESXi hypervisors, old versions of Windows are vulnerable to privilege escalation.
VMware has issued an update for several of their hypervisor products to address a privilege escalation vulnerability when running Windows XP, Windows Server 2003 and older versions of Windows as a guest operating system.
The products are VMware Workstation, VMware Fusion and VMware ESXi and ESX. The vector for the attack is a VMware device driver LGTOSYNC.SYS. The file properties for this driver describe it as “VMware/Legato Sync Driver.”
The hypervisor itself is not exploitable through this vulnerability, but an unprivileged Windows process could elevate privilege under Windows. Presumably it could attain the privileges under which LGTOSYNC.SYS runs, but the advisory does not specify what level this is.
Updated versions may be downloaded at these pages:
About Larry Seltzer
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years.