Loading specially crafted virtual machine checkpoint files can result in the host system being compromised Virtualization software vendor VMware has released security patches for its Workstation, Player, Fusion, ESXi and ESX products in order to address two vulnerabilities that could allow attackers to compromise the host system or crash a virtual machine. The more serious vulnerability is identified as CVE-2012-3288 and stems from an improper validation of input data when loading virtual machine checkpoint files, VMware said in a security advisory Thursday.Attackers could exploit this validation error by loading specially crafted checkpoint files to trigger a memory corruption and potentially execute arbitrary code on the host system. SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe VMware advised customers to upgrade to the newly released Workstation 8.0.4, Player 4.0.4 and Fusion 4.1.3 or to install the patches available for their respective versions of ESXi and ESX. Customers should also avoid importing virtual machines from untrusted sources, the company said. The second vulnerability addressed by the new security updates could allow attackers to crash a virtual machine by sending malformed traffic from a remote virtual device.Remote virtual devices are devices like CD-ROMs that are made available to a virtual machine, but are physically attached to a remote computer. Traffic coming from remote virtual devices is incorrectly handled, VMware said. The risk associated with this vulnerability is mitigated by the fact that only users with administrative privileges can attach a remote device to a virtual machine. Users are advised not to attach untrusted remote devices to virtual machines, the company said. Related content brandpost Unlocking value: Oracle enterprise license models for optimal ROI Helping you maximize your return on investment of Oracle software program licenses is not as complex as it sounds—learn more today. By Rimini Street Oct 02, 2023 4 mins Managed IT Services IT Management brandpost Lessons from the field: Why you need a platform engineering practice (…and how to build it) Adopting platform engineering will better serve customers and provide invaluable support to their development teams. By VMware Tanzu Vanguards Oct 02, 2023 6 mins Software Deployment Devops feature The dark arts of digital transformation — and how to master them Sometimes IT leaders need a little magic to push digital initiatives forward. Here are five ways to make transformation obstacles disappear. By Dan Tynan Oct 02, 2023 11 mins Business IT Alignment Digital Transformation IT Strategy feature What is a project management office (PMO)? The key to standardizing project success The ever-increasing pace of change has upped the pressure on companies to deliver new products, services, and capabilities. And they’re relying on PMOs to ensure that work gets done consistently, efficiently, and in line with business objective By Mary K. Pratt Oct 02, 2023 8 mins Digital Transformation Project Management Tools IT Leadership Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe