VMware Releases Security Updates Published Friday, April 12, 2019

Preface: A quick walk through on your VMware setup, see whether 3D acceleration feature is enabled. It is recommended to disabling the 3D-acceleration feature to protect your IT environment.

Vulnerability Details:
CVE-2019-5514 – Vulnerability due to certain unauthenticated APIs accessible through a web socket
CVE-2019-5515 – Out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters
CVE-2019-5518 – Out-of-bounds read/write vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface)
CVE-2019-5519 – Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface)
CVE-2019-5524 – Out-of-bounds write vulnerability in the e1000 virtual network adapter
CVE-2019-5516 – Vertex shader out-of-bounds read vulnerability
CVE-2019-5517 – multiple shader translator out-of-bounds read vulnerabilities
CVE-2019-5520 – out-of-bounds read vulnerability

Official announcement: https://www.vmware.com/security/advisories/VMSA-2019-0006.html

Checkpoint – Regarding to existing vulnerability reporting process, Zero day or new found vulnerabilities has grace period announce to public. Should you have doubts?
Check your managed services provider and identify how do they handling zero-day? For example: Microsoft Active Protections Program member will be know the windows zero day in advance 90 days. As such, you can using this indicator to choosen your MSS.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.