VMware Tools updates address Local Privilege Escalation and SAML Token Signature Bypass vulnerabilities (CVE-2023-34057, CVE-2023-34058)
By JM Lopez
VMware released security advisory VMSA-2023-0024 with Important severity affecting VMware Tools for Windows.
The fix is available in VMware Tools v12.3.5 for Windows available in the VSS-Windows Content Library as Item VMware-Tools-windows-12.3.5-22544099 (see Windows section below).
How-To Remediate
Windows
ITS Private Cloud CLI
Mount the VMware Tools ISO
VMware-Tools-windows-12.3.5-22544099with thevss-cli:vss-cli compute vm set <id> cd up --backing VMware-Tools-windows-12.3.5-22544099 1Proceed with the installation in the OS.
ITS Private Cloud Portal
Login to the
https://cloud-portal.eis.utoronto.caLook for your VM and click on the
Editbutton.Mount the VMWare Tools ISO
VMware-Tools-windows-12.3.5-22544099.Proceed with the installation in the OS.
References
, multiple selections available,
Related content
VMware Tools for Windows update addresses an authentication bypass vulnerability (CVE-2025-22230)
VMware Tools for Windows update addresses an authentication bypass vulnerability (CVE-2025-22230)
More like this
How-to Verify VMware Tools version
How-to Verify VMware Tools version
More like this
How-to Install VMware Tools on Windows Based Virtual Machines
How-to Install VMware Tools on Windows Based Virtual Machines
More like this
How-to Install Open VMware Tools (open-vm-tools) on *nix Guest Operating Systems
How-to Install Open VMware Tools (open-vm-tools) on *nix Guest Operating Systems
More like this
How-to Convert Windows 10/2016+ Build 1703 or later VSS VM from BIOS to UEFI
How-to Convert Windows 10/2016+ Build 1703 or later VSS VM from BIOS to UEFI
Read with this
Introducing VM Automated Incident Response with Event Driven Automation on the ITS Private Cloud
Introducing VM Automated Incident Response with Event Driven Automation on the ITS Private Cloud
Read with this
University of Toronto - Since 1827