Critical VMWare Desktop Vulnerability Abuses Default Security Settings
Source: net-security.org - Posted by Ryan Berens   
Latest News Engineers from CoreLabs, the research arm of Core Security, discovered that an attacker could gain complete access to a host system by exploiting this vulnerability in VMwares desktop software products. The vulnerability could allow an attacker to create or modify executable files on the host operating system.
One of the most interesting aspects of this vulnerability however, and one that comes up again and again, is that it abuses the shared folder access, a default setting.

One of the ways to fix it is to disable this setting. Why is this an "opt-out" security feature? Shouldn't sharing folders be an "opt-in" feature? Are there other examples that you can think of where the same pattern applies?

Read this full article at net-security.org

Only registered users can write comments.
Please login or register.

Powered by AkoComment!