VMware has released security updates to address a local privilege escalation vulnerability (CVE-2020-3941) in VMware Tools for Windows.
According to the VMware advisory VMSA-2020-0002, the repair operation of VMware Tools for Windows has a race condition. As a result, VMware has assigned this High severity vulnerability a CVSSv3 score of 7.8.
“A malicious actor on the guest VM might exploit the race condition and escalate their privileges on a Windows VM,” VMware warned in the advisory.
This vulnerability affects VMware Tools for Windows version 10.x.y.
VMware recommends administrators upgrade to VMware Tools 11 or later to mitigate the issue.