VMware Security Announcement VMSA-2020-0013
Today VMware released VMSA-2020-0013. This affects VMware Horizon Client for Windows. The update addresses privilege escalation vulnerability (CVE-2020-3961)
- VMware Horizon Client for Windows
A privilege escalation vulnerability affecting VMware Horizon Client for Windows was privately reported to VMware. Updates are available to address this vulnerability in affected VMware products.
VMware Horizon Client for Windows privilege escalation vulnerability (CVE-2020-3961)
VMware Horizon Client for Windows contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.4.
Known Attack Vendors
A local user on the system where the software is installed may exploit this issue to run commands as any user.
To remediate this issue in the Horizon Client for Windows, update to version 5.4.3. The are no workarounds provided other than the updated version. Release notes and download information provided below.
References and Downloads
VMware Horizon Client 5.4.3
Downloads and Documentation:
Here is a link to the official post from VMware.
Thanks for reading!