VMware Tools is a set of services and modules that enable several features in VMware products for better management of guest operating systems and seamless user interaction with them. Without VMware Tools installed, the guest OS loses some performance functionality.
Impacted Product:
VMware Tools for Windows
VMware has released updates to remediate this vulnerability. VMware Tools can be downloaded directly from the VMware Customer Connect page; be sure to select the version you need. It can also be downloaded directly from within VMware Workstation and similar products.
Issue description
VMware Tools for Windows contains an XML External Entity (XXE) vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.8.
How can this vulnerability be exploited?
A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure.
Resolution / Response Matrix
No workaround is currently reported for this vulnerability. To remediate it, apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.
Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
VMware Tools for Windows | 12.0.0, 11.x.y and 10.x.y | Windows | CVE-2022-22977 | 5.8 | Moderate | | None | None |
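To find which guests need the update, the affected versions in the matrix can be checked against an inventory export. The script below is an added example, not VMware's code: the CSV columns, guest names and version strings are constructed, and it only flags the releases the matrix lists as affected (12.0.0, 11.x.y and 10.x.y).

```python
import csv
import io
import re

# Affected releases as listed in the response matrix: 12.0.0, 11.x.y and 10.x.y.
AFFECTED_MAJORS = {10, 11}
AFFECTED_EXACT = {(12, 0, 0)}

# Accepts "11.3.5", "v11.3.5" or "12.0.0.<build> (build-...)" style strings.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:[.\s(-]|$)")

def parse_tools_version(raw):
    """Return (major, minor, patch), or None if the string has no x.y.z prefix."""
    m = _VERSION_RE.match(raw or "")
    return tuple(int(g) for g in m.groups()) if m else None

def classify(raw):
    """Map a reported version string to 'affected', 'not-listed' or 'unknown'."""
    v = parse_tools_version(raw)
    if v is None:
        return "unknown"  # needs manual review; never assume it is safe
    if v[0] in AFFECTED_MAJORS or v in AFFECTED_EXACT:
        return "affected"
    return "not-listed"

def triage(inventory_csv):
    """Group Windows guests by status; the advisory covers Windows guests only."""
    result = {"affected": [], "not-listed": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["os"].strip().lower() != "windows":
            continue
        result[classify(row["tools_version"])].append(row["guest"])
    return result

# Constructed inventory: column names, guests and versions are made up.
SAMPLE = """guest,os,tools_version
web01,Windows,12.0.0.1234 (build-0000000)
db02,Windows,11.3.5
legacy03,Windows,10.3.10
app04,Windows,12.9.9
build05,Linux,11.3.5
kiosk06,Windows,not installed
"""

if __name__ == "__main__":
    for status, guests in triage(SAMPLE).items():
        print(f"{status}: {', '.join(guests) or '-'}")
```

Guests reported as `unknown` have no parseable version and should be checked by hand rather than treated as unaffected.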