To view this issue with real-world examples and resolution steps, visit the following advisory: https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=2145814

This issue affects both VMware Workstation and Horizon Client for Windows. An attacker must be on the same network or within the same subnet as the host. In the case of VMware Workstation, the attacker must have the ability to run remote applications or virtual machines on the host. For Horizon Client for Windows, the attacker must have physical access to the host.

Description and resolution

To view the security advisory and related Knowledge Base articles, visit https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=2145814

VMware Workstation and Horizon Client

VMware Workstation is a software application that allows users to run and manage virtual machines (VMs) on their client device. It includes support for multiple operating systems. Horizon Client is a software application that allows users to remotely connect to and control VMs, hosts, and networks from Windows devices.
The following table defines the impact on VMware Workstation:
Severity - Impact of CVE-2022-22938 on VMware Workstation - Impact on Horizon Client
Critical - VMware Workstation must be patched immediately - Hosts running Windows 2012 or later may need patching as well
High - Hosts with virtualized guests running ESXi 5.5 or later have the option of patching the host even if not using VMware Workstation
Medium - Guest operating systems such as Linux require no patching for this issue

Timeline

Published on: 01/28/2022 20:15:00 UTC
Last modified on: 02/04/2022 14:18:00 UTC

References