Skip to main content

VMware Releases Workarounds to Address Meltdown & Spectre Flaws Affecting Virtual Appliances

posted onFebruary 9, 2018
by l33tdawg

VMware has started to reissue patches and workarounds for its affected Virtual Appliance products that are vulnerable to the Meltdown and Spectre security flaws. The company said its VMware VA products, including vCloud Usage Meter (UM), Identity Manager (vIDM), vCenter Server (vCSA), vSphere Data Protection (VDP), vSphere Integrated Containers (VIC), and vRealize Automation (vRA) are affected.

Publishing its advisory, the firm said that CPU data cache timing can be abused to “leak information out of mis-speculated CPU execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts.” If successful, the exploitation can lead to information disclosure.

The company has only released a single patch for its vSphere Integrated Containers (VIC) products. However, mitigation tips are shared for all the other products that are in the affected list. The advisory warns that the Meltdown and Spectre chip bugs impact several products, encouraging users to implement workarounds until the patches arrive. However, it also added that users shouldn’t panic or implement workarounds and patches on the products that aren’t vulnerable since they are only designed for the products they are mentioned for.

Source

Tags

Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th