VMware ESXi 4.0, Patch ESXi400-201302402-SG: Updates VMware Tools (2041347)
Release date: February 07, 2013
|Patch Classification||Security |
See KB 2014447 if using Update Manager 5.0
|Build||For build information, see KB 2041344.|
|Host Reboot Required||No|
|Virtual Machine Migration or Shutdown Required||No|
|Related CVE number||CVE-2013-1406|
Summaries and Symptoms
This patch resolves an issue where due to defective handling of some I/O control codes, the vmci.sys driver might allow privilege escalation on Windows guest operating systems. A malicious user can exploit this vulnerability to manipulate the memory allocation through the Virtual Machine Communication Interface (VMCI) code.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-1406 to this issue.
None beyond the required patch bundles and reboot information listed in the table above.
Patch Download and Installation
The typical way to apply patches to ESXi hosts is through the VMware Update Manager. For details, see the VMware vCenter Update Manager Administration Guide.