Nor server
From: Louis, Joe [mailto:[EMAIL PROTECTED] Sent: Tuesday, 26 February 2008 6:18 AM To: NT System Admin Issues Subject: RE: Another vmware security bug Ya. VMware and SANS both had something on this over the weekend. Doesn't affect ESX though. _____ From: Benjamin Zachary [mailto:[EMAIL PROTECTED] Sent: Monday, February 25, 2008 2:02 PM To: NT System Admin Issues Subject: Another vmware security bug http://www.infoworld.com/article/08/02/25/Critical-VMware-bug-lets-attackers -zap-real-Windows_1.html?source=NLC-TB <http://www.infoworld.com/article/08/02/25/Critical-VMware-bug-lets-attacker s-zap-real-Windows_1.html?source=NLC-TB&cgd=2008-02-25> &cgd=2008-02-25 The hole actually makes sense, you have to enable the shared folders feature, and then the compromised windows/linux system could drop files into the share (which are on the host) and then get executed it seems. I dont think this is any *major* bug news, but thought i would pass it along as the new recommendation is to disable guest/host sharing for the interim. I would think if you share guest/host files via the vmware interface you would accept the risk of the host being undermined since you are sharing data on it. For those that need it I think the CIS tools have vmware templates for auditing which are normally fairly easy to implement. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
