CVE-2022-22977: VMware Tools for Windows update addresses an XML External Entity (XXE) vulnerability


VMware Tools is a set of services and modules that enable several features in VMware products for better management of guest operating systems and seamless user interaction with them. Among other things, VMware Tools passes messages between the host operating system and the guest operating system. You may want to see these guides: How to create and delete a snapshot on VMware Workstation, and How to install Windows Server 2022 on VMware Workstation. This suite of utilities enhances the performance of the virtual machine guest operating system and improves the management of the virtual machine. Without VMware Tools installed in your guest operating system, important functionality is missing or degraded. Installing VMware Tools eliminates or improves these issues:

  • Low video resolution
  • Inadequate color depth
  • Incorrect display of network speed
  • Restricted movement of the mouse
  • Inability to copy and paste and drag and drop files
  • Missing sound
  • No support for quiesced snapshots of the guest OS
  • Guest clock not synchronized with the host clock

Impacted Product:

VMware Tools for Windows.  

VMware has released updates to remediate this vulnerability. Here are some related guides and fixes in other products: VMware vCenter Server updates address an information disclosure vulnerability, How to extend a VM's Hard Disk on VMware Workstation, and Patch available to address vCenter Server information disclosure vulnerability.

VMware Tools can be downloaded directly from the VMware Customer Connect page; make sure to select the version you need (12.0.5 or later for this fix). It is also bundled with VMware Workstation and other VMware hypervisors, which can mount the VMware Tools installer ISO inside the guest. These files are provided for easier access and installation of VMware Tools in Windows guest operating systems.

Issue description

VMware Tools for Windows contains an XML External Entity (XXE) vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.8.

How can this vulnerability be exploited?

A malicious actor with non-administrative local user privileges in a Windows guest OS where VMware Tools is installed may exploit this issue, leading to a denial-of-service condition or unintended information disclosure.
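The advisory does not describe where in VMware Tools the XML is parsed, so the following is an added, generic illustration of the vulnerability class rather than VMware Tools code: a parser configured to resolve external general entities splices a local file into the document text (the information-disclosure outcome named above), while the safe default leaves the reference unexpanded. It uses Python's standard xml.sax, a constructed attacker-controlled document, and a constructed temporary file standing in for a file the low-privileged user should not be able to read.

```python
"""
Added example (not VMware Tools code): how an XML External Entity (XXE)
reference turns into local-file disclosure when a parser is configured
to resolve external general entities, and how the safe default behaves.
"""
import io
import os
import tempfile
import xml.sax
from xml.sax import handler


class TextCollector(handler.ContentHandler):
    """Collects character data so we can inspect what the parser produced."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)

    @property
    def text(self):
        return "".join(self.chunks).strip()


def build_xxe_document(target_path):
    # Constructed attacker-controlled input: the internal DTD subset declares an
    # external general entity whose SYSTEM identifier is a local file path, and
    # the body references it. A parser that resolves the entity splices the
    # file's contents into the document text.
    return (
        '<?xml version="1.0"?>\n'
        "<!DOCTYPE config [\n"
        f'  <!ENTITY leak SYSTEM "{target_path}">\n'
        "]>\n"
        "<config><value>&leak;</value></config>\n"
    ).encode("utf-8")


def parse_document(xml_bytes, resolve_external_entities):
    """Parse with xml.sax; the flag selects the vulnerable or the safe setting."""
    parser = xml.sax.make_parser()
    collector = TextCollector()
    parser.setContentHandler(collector)
    # feature_external_ges=True is the dangerous configuration: the parser opens
    # whatever SYSTEM identifier the document names. Python's default (since
    # 3.7.1) is False, which leaves the entity reference unexpanded.
    parser.setFeature(handler.feature_external_ges, resolve_external_entities)
    parser.parse(io.BytesIO(xml_bytes))
    return collector.text


def demo(secret_value="db_password=hunter2"):
    """Returns (text seen by the vulnerable parser, text seen by the safe one)."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed stand-in for a local file that the parsing process can
        # read but the document's author should not be able to see.
        secret_path = os.path.join(tmp, "secret.txt")
        with open(secret_path, "w", encoding="utf-8") as fh:
            fh.write(secret_value)
        doc = build_xxe_document(secret_path)
        leaked = parse_document(doc, resolve_external_entities=True)
        safe = parse_document(doc, resolve_external_entities=False)
    return leaked, safe


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable parser saw:", repr(leaked))
    print("safe parser saw:      ", repr(safe))
```

The fix on the parsing side is always the same regardless of language or library: disable DTD processing or external entity resolution (here, leave feature_external_ges at its default of False, or use a hardened wrapper such as defusedxml), since the attacker controls the document, not the parser configuration. The denial-of-service outcome in the advisory comes from the same mechanism, for example an entity pointing at a device or endless stream, or recursive entity expansion, and is closed by the same setting.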

Resolution / Response Matrix

No workaround has been reported for this vulnerability. To remediate it, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' below.

Product                   Version                    Running On  CVE Identifier  CVSSv3  Severity  Fixed Version  Workarounds  Additional Documentation
VMware Tools for Windows  12.0.0, 11.x.y and 10.x.y  Windows     CVE-2022-22977  5.8     Moderate  12.0.5         None         None

This issue was reported to VMware by ycdxsb of VARAS@IIE, Jake Baines of Rapid7, and Sascha Meyer of GAI NetConsult GmbH.

I hope you found this blog post helpful. If you have any questions, please let me know in the comment section.
