VMware Tools for Windows update addresses Authentication Bypass vulnerability in VMware Tools (CVE-2023-20867)

VMware released security advisory VMSA-2023-0013 with Low severity affecting VMware Tools for Windows.

The fix is available in VMware Tools for Windows v12.2.5 in the VSS-Windows Content Library as Item VMware-Tools-windows-12.2.5-21855600.iso. Please, use the VSS Portal or the VSS CLI to mount the ISO and Install the patched version.

How-To Remediate

Windows

ITS Private Cloud CLI

1. Mount the VMware Tools ISO VMware-Tools-windows-12.2.5-21855600 with the vss-cli:

   vss-cli compute vm set <id> cd up --backing VMware-Tools-windows-12.2.5-21855600 1

2. Proceed with the installation in the OS.

ITS Private Cloud Portal

1. Login to the https://cloud-portal.eis.utoronto.ca

2. Look for your VM and click on the Edit button.

3. Mount the VMWare Tools ISO VMware-Tools-windows-12.2.5-21855600.

4. Proceed with the installation in the OS.

References

• https://www.vmware.com/security/advisories/VMSA-2023-0013.html

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20867