According to Network World, a set of flaws have been discovered in VMware’s virtual machine software by researchers at IBM.
VMware has since updated its products to fix the vulnerabilities, though users who have yet to update their software face serious security risks. The root of the issue appears to stem from the DHCP server that comes with VMware.
The DHCP software is used to assign IP addresses to the different virtual machines running within VMware, but IBM researchers discovered that it can be exploited to gain control of the computer. That could be very bad news for someone running a lot of applications on the same VMware box, said Tom Cross, a researcher with IBM’s Internet Security Systems group.
Tom noted that exploiting this vulnerability could allow an attacker to gain complete control of any virtual machine on the physical server.
The DCHP flaws discovered here affect practically the whole range of VMware’s products, such as VMware’s ACE, Player, Server, and Workstation products running on both Linux and Windows operating systems.
Do you use VMware? What do you use virtualization for?