Posted by Simon Long Aug 8, 2018
VMware Security Advisory (VMSA-2018-0019) For VMware Horizon 6 & 7 Customers
VMware just released Security Advisory VMSA-2018-0019 for customers who are using VMware Horizon v6 or v7 and the Horizon Client for Windows. As many of my readers are VMware Horizon customers, I thought I’d bring this to your attention in case you missed the official notifications from VMware.
Advisory Summary
Out-of-bounds read vulnerability in the Message Framework library.
Horizon 6, 7, and Horizon Client for Windows contains an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed.
Note: This issue doesn’t apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems.
Remediation Steps
- VMware Horizon 7.x.x customer should update to Horizon 7.5.1
- VMware Horizon 6.x.x customer should update to Horizon 6.2.7
- Horizon Client for Windows users should update to 4.8.1
For further information and direct links to the patch downloads, visit the Security Advisory VMSA-2018-0019 page.