A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox.

An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website.

End-of-the-month Security Alerts for September 2023

Here are newly identified product-alerts and cyber-security highlights for the last week of September: 1. Google Chrome Zero-Day Vulnerability; 2. Microsoft Internet Connection Sharing (ICS) Remote Code Execution Vulnerability; 3. Cisco Catalyst SD-WAN Manager Vulnerabilities

Cisco Security Advisory for Multiple Products

Cisco published two alerts for the following products. Please follow the steps to remediate them. For assistance, contact Patrick Boyd, Director of Operations by email, Patrick.Boyd@Cornerstone.IT or by phone at 646-530-8930