VMWare patches severe security flaws in ESXi, Workstation and Fusion

VMWare said it has released a critical security update resolving vulnerabilities that were discovered in the company's Workstation, Fusion and ESXi offerings and which could allow threat actors to access workloads within their targets' virtual environments, Threatpost reports. The company noted that while the five security flaws range in ratings on the CVSS vulnerability-severity scale from 5.3 to 8.4 out of 10, or "important” to "moderate” in severity, threat actors could potentially join these together to produce worse outcomes. "Combining these issues may result in higher severity, hence the severity of this [advisory] is at severity level critical,” VMWare said. The company noted in its advisory that while patching Workstation, Fusion and ESXi is the fastest way to address the flaws, users could also opt for a workaround in which they remove USB controllers from their virtual machines. However, it notes that this option "may be infeasible at scale…and does not eliminate the potential threat like patching does,” the company said in its advisory.