VMware Tools updates address Local Privilege Escalation and SAML Token Signature Bypass vulnerabilities (CVE-2023-34057, CVE-2023-34058)

VMware released security advisory VMSA-2023-0024 with Important severity affecting VMware Tools for Windows.

The fix is available in VMware Tools v12.3.5 for Windows available in the VSS-Windows Content Library as Item VMware-Tools-windows-12.3.5-22544099 (see Windows section below).

How-To Remediate

Windows

ITS Private Cloud CLI

1. Mount the VMware Tools ISO VMware-Tools-windows-12.3.5-22544099 with the vss-cli:

   vss-cli compute vm set <id> cd up --backing VMware-Tools-windows-12.3.5-22544099 1

2. Proceed with the installation in the OS.

ITS Private Cloud Portal

1. Login to the https://cloud-portal.eis.utoronto.ca

2. Look for your VM and click on the Edit button.

3. Mount the VMWare Tools ISO VMware-Tools-windows-12.3.5-22544099.

4. Proceed with the installation in the OS.

References

• https://www.vmware.com/security/advisories/VMSA-2023-0024.html

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34057

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34058