Infrastructure Briefing — February 19, 2020
VMware published VMSA-2020-0005 patching Workstation, Fusion, and ESXi for multiple vulnerabilities, including an elevation of privilege in vmnetdhcp and an out-of-bounds read in Cortado Thinprint, requiring hypervisor and endpoint updates.
Executive briefing: On , VMware released Security Advisory VMSA-2020-0005 addressing vulnerabilities across VMware Workstation, Fusion, and ESXi. Issues included a local privilege escalation via vmnetdhcp (CVE-2020-3947) and an out-of-bounds read in the Cortado Thinprint component (CVE-2020-3948).
Why it matters: Exploitation can allow local users to escalate privileges on hosted hypervisors or trigger denial-of-service conditions on ESXi hosts. Desktop virtualization users must upgrade promptly to maintain workstation security baselines.
- Patch deployment: Upgrade Workstation to 15.5.2 and Fusion to 11.5.2; apply corresponding ESXi patches from the advisory matrix.
- Access controls: Limit local administrative access on virtualization hosts and monitor for unexpected vmnetdhcp process restarts.
- Change management: Schedule maintenance windows to reboot affected hosts after patching to ensure vulnerable components are replaced.
- Verification: Confirm versions post-upgrade and document remediation for compliance tracking.
Continue in the Infrastructure pillar
Return to the hub for curated research and deep-dive guides.
Latest guides
-
Edge Resilience Infrastructure Guide — Zeph Tech
Engineer resilient edge estates using ETSI MEC standards, DOE grid assessments, and GSMA availability benchmarks documented by Zeph Tech.
-
Infrastructure Resilience Guide — Zeph Tech
Coordinate capacity planning, supply chain, and reliability operations using DOE grid programmes, Uptime Institute benchmarks, and NERC reliability mandates covered by Zeph Tech.
-
Infrastructure Sustainability Reporting Guide — Zeph Tech
Produce audit-ready infrastructure sustainability disclosures aligned with CSRD, IFRS S2, and sector-specific benchmarks curated by Zeph Tech.