VMware Tools for Windows update addresses Authentication Bypass vulnerability in VMware Tools (CVE-2023-20867)
VMware released security advisory VMSA-2023-0013 with Low severity affecting VMware Tools for Windows.
The fix is available in VMware Tools for Windows v12.2.5 in the VSS-Windows Content Library as Item VMware-Tools-windows-12.2.5-21855600.iso. Please, use the VSS Portal or the VSS CLI to mount the ISO and Install the patched version.
How-To Remediate
Windows
ITS Private Cloud CLI
Mount the VMware Tools ISO
VMware-Tools-windows-12.2.5-21855600
with thevss-cli
:vss-cli compute vm set <id> cd up --backing VMware-Tools-windows-12.2.5-21855600 1
Proceed with the installation in the OS.
ITS Private Cloud Portal
Login to the
https://cloud-portal.eis.utoronto.ca
Look for your VM and click on the
Edit
button.Mount the VMWare Tools ISO
VMware-Tools-windows-12.2.5-21855600
.Proceed with the installation in the OS.
References
University of Toronto - Since 1827