The Cabinet Division has issued a Cyber Security Advisory addressing vulnerabilities in VMWare Workstation and Fusion.
The advisory highlights several critical issues identified and resolved by VMWare through recent updates, urging users to update their software to mitigate potential risks.
According to the advisory, multiple vulnerabilities have been identified, including:
- CVE-2024-22267: A use-after-free vulnerability that allows an attacker with local administrative privileges to execute arbitrary code on the host system.
- CVE-2024-22268: A heap buffer overflow vulnerability that can lead to a denial-of-service condition.
- CVE-2024-22269 and CVE-2024-22270: Information disclosure vulnerabilities that permit an attacker to access privileged data with local administrative privileges.
Read More:Car sales have declined following the introduction of a new vehicle tax in the 2024-25 budget
The Cabinet Division recommends users apply the necessary security patches by upgrading VMWare Workstation to version 17.5.2 or later and Fusion to version 13.5.2 or later. These updates are crucial for maintaining the security and integrity of systems running the affected software.
The advisory has requested that the Federal and provincial governments, ministries, and divisions disseminate this information to all relevant organizations and departments. Implementing the necessary protective measures is vital to safeguard against potential cyber threats posed by these vulnerabilities.