Rewterz Threat Alert – North Korean APT Group Kimusky Targeting Asia

November 20, 2020

Rewterz Threat Advisory – CVE-2020-13671 – Drupal Core Critical Remote Code Execution Vulnerability

November 20, 2020

Rewterz Threat Advisory – VMware Workstation, Fusion and Horizon Client Multiple Vulnerabilities

November 20, 2020

Severity

Medium

Analysis Summary

Multiple vulnerabilities in VMware Workstation, Fusion and Horizon Client were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.

PATH configuration privilege escalation vulnerability (CVE-2020-3980)
VMware Fusion contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. An attacker with normal user privileges may exploit this issue to trick an admin user into executing malicious code on the system where Fusion is installed.

Multiple out-of-bounds read vulnerabilities (CVE-2020-3986, CVE-2020-3987, CVE-2020-3988)
VMware Workstation and Horizon Client for Windows contain multiple out-of-bounds read vulnerabilities in Cortado ThinPrint component. These issues exist in the EMF and JPEG2000 parsers. A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed.

Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.

Denial-of-service vulnerability (CVE-2020-3989)
VMware Workstation and Horizon Client for Windows contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed.

Information disclosure vulnerability (CVE-2020-3990)

VMware Workstation and Horizon Client for Windows contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed.

Impact

Privilege Escalation
Denial of Service
Memory Leakage

Affected Vendors

VMware

Affected Products

VMware Fusion Pro / Fusion 11.x
VMware Horizon Client for Windows 5.x and prior
VMware Workstation Pro/Player 15.x

Remediation

Updates are available. Update to:

Horizon Client for Windows 5.4.4
Workstation 15.5.7
Fusion 11.5.7

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – North Korean APT Kimsuky Aka Black Banshee – Active IOCs

Rewterz Threat Advisory – Multiple WordPress Plugins Vulnerabilities

Rewterz Threat Advisory – ICS: Multiple Siemens Products Vulnerabilities

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – North Korean APT Kimsuky Aka Black Banshee – Active IOCs

Rewterz Threat Advisory – Multiple WordPress Plugins Vulnerabilities

Rewterz Threat Advisory – ICS: Multiple Siemens Products Vulnerabilities

Threat Insights

About Us

Our Leadership

CSR

Connect with Us