SynopsisThe remote VMware ESXi / ESX host is missing a security-related patch.
Descriptiona. VMware LGTOSYNC privilege escalation.
VMware ESX, Workstation and Fusion contain a vulnerability in the handling of control code in lgtosync.sys. A local malicious user may exploit this vulnerability to manipulate the memory allocation. This could result in a privilege escalation on 32-bit Guest Operating Systems running Windows 2000 Server, Windows XP or Windows 2003 Server on ESXi and ESX; or Windows XP on Workstation and Fusion.
The vulnerability does not allow for privilege escalation from the Guest Operating System to the host. This means that host memory can not be manipulated from the Guest Operating System.
VMware would like to thank Derek Soeder of Cylance, Inc. for reporting this issue to us.
The Common Vulnerabilityies and Exposures project (cve.mitre.org) has assigned the name CVE-2013-3519 to this issue.
SolutionApply the missing patch.