Skip to main content

VMware Releases Workarounds to Address Meltdown & Spectre Flaws Affecting Virtual Appliances

posted onFebruary 9, 2018
by l33tdawg

VMware has started to reissue patches and workarounds for its affected Virtual Appliance products that are vulnerable to the Meltdown and Spectre security flaws. The company said its VMware VA products, including vCloud Usage Meter (UM), Identity Manager (vIDM), vCenter Server (vCSA), vSphere Data Protection (VDP), vSphere Integrated Containers (VIC), and vRealize Automation (vRA) are affected.

Publishing its advisory, the firm said that CPU data cache timing can be abused to “leak information out of mis-speculated CPU execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts.” If successful, the exploitation can lead to information disclosure.

The company has only released a single patch for its vSphere Integrated Containers (VIC) products. However, mitigation tips are shared for all the other products that are in the affected list. The advisory warns that the Meltdown and Spectre chip bugs impact several products, encouraging users to implement workarounds until the patches arrive. However, it also added that users shouldn’t panic or implement workarounds and patches on the products that aren’t vulnerable since they are only designed for the products they are mentioned for.




You May Also Like

Recent News

Monday, May 21st

Thursday, May 17th

Monday, May 14th

Tuesday, May 8th

Saturday, May 5th

Thursday, May 3rd

Wednesday, May 2nd