VMware Workstation 17.5 Player fixes a security issue
If you use VMWare Workstation Player to run virtual machines on your devices, you may want to update the existing version of the application to the newly released 17.5 version.
VMWare Workstation 17.5 Player fixes a security issue in the application, enhances security by switching encryption schemes, and makes a number of other changes.
Users who run VMWare Workstation Player already on their devices will receive an update notification the next time they run the client. The option to download and install the update is available, but it can also be skipped entirely or postponed.
Downloads are also available on the official project website already.
VMware Workstation 17.5 Player: the security fix
VMWare published information about the patched security issues under VMSA-2023-0022 on its advisories website. The security issue is a out-of-bounds read vulnerability " that exists in the functionality for sharing host Bluetooth devices with the virtual machine" according to VMWare.
An attacker with local administrative privileges in the virtual machine may exploit it to read privileged information "contained in hypervisor memory from a virtual machine". The security issue has a severity rating of important.
The Security Enhancement
VMWare switched from using CBC mode for encrypted virtual machines to XTS. Any newly created virtual machine will make use of XTS automatically. Existing encrypted virtual machines may show an alert to the user, which includes an option to upgrade from CBC to XTS. Information about this process and potential issues is available on this support page.
Cipher Block Chaining is a commonly used algorithm, XEX-based tweaked-codebook mode with ciphertext stealing is a modern standard.
Other improvements
VMWare Workstation Player 17.5 includes the following additional improvements:
- Import and Export Virtual Machines with vTPM device
- Control Virtual Machines using the VMRUN Commands
- Manage Power Operations of Encrypted Virtual Machines using VMREST API
- VMware Hardware Version 21
- Support for up to 256 NVMe devices: 4 controllers and 64 devices per controller.
- Support for NVMe 1.3 in Windows 11 and Windows Server 2022.
The release addresses several issues in previous versions. The full list is available on the official release notes website.
Thanks. I had to search for an update manually from the menu and it was there. The re encryption took about five minutes before the OS would boot.