VMware Fixes Critical Zero-Day Exploit Chain Used at Pwn2own
Cyber Threat Summary:
“VMware has released security updates to address zero-day vulnerabilities that could be chained to gain code execution systems running unpatched versions of the company's Workstation and Fusion software hypervisors. The two flaws were part of an exploit chain demoed by the STAR Labs team's security researchers one month ago, during the second day of the Pwn2Own Vancouver 2023 hacking contest. ” (Bleeping Computer, 2023).
The vulnerabilities in question are being tracked as CVE-2023-20869 and CVE-2023-20870. CVE-2023-20869 is related to a stack-based buffer-overflow vulnerability in the functionality for sharing host Bluetooth devices with the virtual machine. Successful exploitation could enable local attackers with administrative privileges to execute code as the virtual machine’s VMX process running on the host. The second vulnerability (CVE-2023-20870), relates to an information disclosure weakness in the functionality for sharing host Bluetooth devices with the VM, which allows malicious actors to read privileged information contained in hypervisor memory from a VM.
Analyst Comments:
Both vulnerabilities have been fixed in Workstation version 17.0.2 and Fusion version 13.0.2. The vendor is giving organizations 90 days to patch the zero-day bugs exploited and disclosed during Pwn2Own before Trend Micro's Zero Day Initiative releases technical details.
Corrections or Suggestions:
Organizations should secure their systems as soon as possible to prevent potential exploitation attempts. If updating is not feasible, VMware recommends turning off the Bluetooth support on the virtual machine altogether. This can be accomplished by unchecking the option “Share Bluetooth devices with the virtual machine" on the impacted products.” More details can be found using the link below:
https://kb.vmware.com/s/article/91760
Link:
https://www.bleepingcomputer.com