SynopsisThe remote VMware ESX / ESXi host is missing a security-related patch.
DescriptionThe remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by a privilege escalation vulnerability in the Virtual Machine Communication Interface (VMCI) due to improper handling of control code in vmci.sys. A local attacker can exploit this to change memory allocation, resulting in an escalation of privileges on Windows-based guest operating systems.
Note that systems with VMCI disabled are still affected by the vulnerability.
SolutionApply the appropriate patch according to the vendor advisory that pertains to ESX version 4.0 / 4.1 or ESXi version 4.0 / 4.1.