VMware Security Advisory VMSA-2022-0004

VMware released advisory VMSA-2022-0004 that addresses security vulnerabilities found in VMware ESXi, VMware Workstation, VMware Fusion, and VMware Cloud Foundation products. Folks who have updated to vSphere 7 Update 3c have the updates in place already.

On February 15, 2022 VMware released VMSA-2022-0004, a critical advisory addressing security vulnerabilities found and resolved in VMware ESXi, Workstation, Fusion, and Cloud Foundation. These vulnerabilities are in the virtual USB/XHCI controllers found by default on many virtual machines, as well as the ESXi 7 sandbox (what is the sandbox? See below!). Exploitation of these vulnerabilities from a virtual machine would allow an attacker access to the hypervisor, so it is very important that you patch them soon.