Yesterday, VMware announced that they were rolling out several updates in order to remediate multiple vulnerabilities identified in their products. The vulnerabilities were privately reported and range in severity from moderate to critical. Further information, patches and workarounds are detailed here. The CVEs and affected products are as follow: CVE-2020-3981 (important) Affects VMware ESXi, Fusion and Workstation These products feature an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. If a malicious actor gains admin access to a VM, this issue may be exploited to leak memory. CVE-2020-3982 (moderate) Affects VMware ESXi, Fusion and Workstation These products feature an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. If…
On Friday 11th August Microsoft announced a phased two-part security update to address a recently identified vulnerability affecting Netlogon. The first stage of the update is underway, with the second phase expected in Q1 2021. Whilst Microsoft has known about the vulnerability since August, a Proof…
