VMware Tools updates address Local Privilege Escalation and SAML Token Signature Bypass vulnerabilities (CVE-2023-34057, CVE-2023-34058)
VMware released security advisory VMSA-2023-0024 with Important severity affecting VMware Tools for Windows.
The fix is available in VMware Tools v12.3.5
for Windows available in the VSS-Windows Content Library as Item VMware-Tools-windows-12.3.5-22544099
(see Windows section below).
How-To Remediate
Windows
ITS Private Cloud CLI
Mount the VMware Tools ISO
VMware-Tools-windows-12.3.5-22544099
with thevss-cli
:vss-cli compute vm set <id> cd up --backing VMware-Tools-windows-12.3.5-22544099 1
Proceed with the installation in the OS.
ITS Private Cloud Portal
Login to the
https://cloud-portal.eis.utoronto.ca
Look for your VM and click on the
Edit
button.Mount the VMWare Tools ISO
VMware-Tools-windows-12.3.5-22544099
.Proceed with the installation in the OS.
References
University of Toronto - Since 1827