VMware Security Announcement VMSA-2020-0013

Today VMware released VMSA-2020-0013, which affects VMware Horizon Client for Windows. The update addresses a privilege escalation vulnerability (CVE-2020-3961).

Impacted Products

  • VMware Horizon Client for Windows

Introduction

A privilege escalation vulnerability affecting VMware Horizon Client for Windows was privately reported to VMware. Updates are available to address this vulnerability in affected VMware products.

VMware Horizon Client for Windows privilege escalation vulnerability (CVE-2020-3961)

Description

VMware Horizon Client for Windows contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.4.

Known Attack Vectors

A local user on the system where the software is installed may exploit this issue to run commands as any user.

Resolution

To remediate this issue in the Horizon Client for Windows, update to version 5.4.3. There are no workarounds other than installing the updated version. Release notes and download information are provided below.

References and Downloads


VMware Horizon Client 5.4.3

Downloads and Documentation:
https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_horizon_clients/5_0
https://docs.vmware.com/en/VMware-Horizon-Client/index.html

Here is a link to the official post from VMware.

https://www.vmware.com/security/advisories/VMSA-2020-0013.html

Thanks for reading!