All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 22nd, 2022, including some commentary of mine.

VMware fixed a privilege escalation issue in VMware Tools

VMware this week released patches to address an important-severity vulnerability in the VMware Tools suite of utilities. According to Security Affairs, an attacker with local non-administrative access to the Guest OS can trigger the CVE-2022-31676 flaw to escalate privileges on a compromised system.

The VMware Tools suite was subject to a privilege escalation vulnerability. An attacker could gain root privileges upon successful exploitation of this vulnerability. This vulnerability was resolved in versions 12.1.0 and 10.3.25.


GitLab issues patch for critical flaw in its Community and Enterprise software

DevOps platform GitLab this week issued patches to address a critical security flaw in its software that could lead to arbitrary code execution on affected systems. Tracked as CVE-2022-2884, the issue is rated 9.9 on the CVSS vulnerability scoring system. Hacker News reports that successful exploitation of the critical flaw could enable a malicious actor to run malicious code on the target machine, inject malware and backdoors, and seize complete control of the susceptible devices.

GitLab is subject to an arbitrary code execution vulnerability. An attacker could execute arbitrary code upon successful exploitation of this vulnerability. An attacker would need access to the import API to exploit this issue. This issue has been resolved in versions 15.3.1, 15.2.3, and 15.1.5. The issue can be mitigated by disabling the import option.


Microsoft publicly discloses details on critical ChromeOS flaw

According to Security Affairs, Microsoft shared ...