SimplerCloud Pte Ltd


News: Security Advisory: VMware ESXi CDROM device emulation heap-overflow vulnerability

Published: 05/01/2022

This advisory is provided as a courtesy.

We would like to bring to your attention a newly discovered vulnerability affecting VMware ESXi, as well as VMware Workstation and Fusion. The products' CD-ROM device emulation contains a heap-overflow vulnerability. An attacker with access to a virtual machine that has CD-ROM device emulation enabled may be able to exploit it, in conjunction with other issues, to execute code on the hypervisor from inside the virtual machine.


Affected Software


VMware ESXi 6.5, 6.7 and 7.0
VMware Workstation 16.x
VMware Fusion 12.x


How to Fix the Problem


For ESXi 6.5 and 6.7, download the latest patch from the VMware portal and install it on your ESXi hosts to resolve the vulnerability. For ESXi 7.0, no patch is available yet as of 5 January 2022, 4 pm Singapore time; until it is released, apply the workaround by disabling CD-ROM emulation on all virtual machines running on the affected ESXi hosts.
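To know which virtual machines still need the workaround, an administrator first has to find every VM that has a CD-ROM device defined. The following script is an added example written for this advisory; it is not code from SimplerCloud or VMware. It parses the key = "value" lines of VMX configuration files and lists the devices whose deviceType is a CD-ROM type (cdrom-image, cdrom-raw, atapi-cdrom) and whose present key is TRUE. The three VMX snippets are constructed samples, and the script assumes the standard VMX device keys (ideX:Y.present, ideX:Y.deviceType, ideX:Y.startConnected); it only reports, so the actual change to each VM is still made through the vSphere tools you normally use.

```python
import re
from typing import Dict, List

# Constructed sample VMX contents (not taken from any real host).
SAMPLE_VMX: Dict[str, str] = {
    "web01.vmx": '''
.encoding = "UTF-8"
displayName = "web01"
ide1:0.present = "TRUE"
ide1:0.deviceType = "cdrom-image"
ide1:0.fileName = "/vmfs/volumes/datastore1/iso/install.iso"
ide1:0.startConnected = "TRUE"
''',
    "db01.vmx": '''
displayName = "db01"
sata0:0.present = "FALSE"
sata0:0.deviceType = "cdrom-raw"
sata0:0.startConnected = "FALSE"
''',
    "app01.vmx": '''
displayName = "app01"
scsi0:0.present = "TRUE"
scsi0:0.deviceType = "scsi-hardDisk"
''',
}

# One VMX line: key = "value" (keys contain letters, digits, '.', ':' and '_').
VMX_LINE = re.compile(r'^\s*([\w.:]+)\s*=\s*"(.*)"\s*$')


def parse_vmx(text: str) -> Dict[str, str]:
    """Parse the key = "value" lines of a VMX file into a dict (keys kept verbatim)."""
    cfg: Dict[str, str] = {}
    for line in text.splitlines():
        m = VMX_LINE.match(line)
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg


def cdrom_devices(cfg: Dict[str, str]) -> List[str]:
    """Device prefixes (e.g. 'ide1:0') whose deviceType is any CD-ROM type."""
    suffix = ".deviceType"
    return sorted(
        key[: -len(suffix)]
        for key, val in cfg.items()
        if key.endswith(suffix) and "cdrom" in val.lower()
    )


def exposed_cdroms(cfg: Dict[str, str]) -> List[str]:
    """CD-ROM devices that are still present, i.e. emulation is enabled for them.

    Assumption: a device exists only when its '<prefix>.present' key is TRUE,
    so a missing present key counts as not present.
    """
    return [
        dev for dev in cdrom_devices(cfg)
        if cfg.get(dev + ".present", "FALSE").upper() == "TRUE"
    ]


def audit(vmx_files: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each VMX file name to the CD-ROM devices that still need the workaround."""
    return {name: exposed_cdroms(parse_vmx(text)) for name, text in vmx_files.items()}


if __name__ == "__main__":
    for name, devs in audit(SAMPLE_VMX).items():
        if devs:
            print(f"{name}: CD-ROM emulation enabled on {', '.join(devs)} - apply workaround")
        else:
            print(f"{name}: no present CD-ROM device")
```

On a real host you would read each VM's .vmx file from its datastore folder into the dictionary instead of the constructed samples; a VM is clear once the script reports no present CD-ROM device for it, which is the state the workaround above produces.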


More information


VMware Advisory: VMSA-2022-0001
VMware security advisory about vulnerability CVE-2021-22045 in VMware Workstation and related products


Request Assistance


If you have VMware ESXi and need our assistance to patch it or to perform the workaround, we can do it for you at a one-time discounted fee of $30. Please submit your order at Order -> Additional Services -> Vulnerability Fix - WINDOWS: HTTP.sys; Schannel; Freak Attack, WannaCry, Petya (Win), VMWare vCenter Server - $30


Alternatively, please first open a support ticket and give us the details of your VMware deployment and setup.

Thank you.