VMware Security Advisory (VMSA-2018-0019) For VMware Horizon 6 & 7 Customers

VMware just released Security Advisory VMSA-2018-0019 for customers who are using VMware Horizon v6 or v7 and the Horizon Client for Windows. As many of my readers are VMware Horizon customers, I thought I’d bring this to your attention in case you missed the official notifications from VMware.

Advisory Summary

Out-of-bounds read vulnerability in the Message Framework library.

Horizon 6, 7, and Horizon Client for Windows contains an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed.

Note: This issue doesn’t apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems.

Remediation Steps

  • VMware Horizon 7.x.x customer should update to Horizon 7.5.1
  • VMware Horizon 6.x.x customer should update to Horizon 6.2.7
  • Horizon Client for Windows users should update to 4.8.1

For further information and direct links to the patch downloads, visit the Security Advisory VMSA-2018-0019 page.