VMware warns of three critical holes in remote-control tool

Anyone can pretend to be your Windows IT support and take command of staff devices

VMware has revealed a terrible trio of critical-rated flaws in Workspace ONE Assist for Windows – a product used by IT and help desk staff to remotely take over and manage employees' devices.

The flaws are all rated 9.8 out of 10 in CVSS severity. A miscreant able to reach a Workspace ONE Assist deployment, either over the internet or on the network, can exploit any of these three bugs to obtain administrative access without the need to authenticate. At which point the intruder or rogue insider can contact users to offer them assistance that is anything but helpful, such as seizing control of devices.

It's all possible because Workspace ONE Assist's authentication code appears to be – let's not sugar coat this – borked.

We make that assertion because one of the flaws (CVE-2022-31685) allows an attacker to bypass authentication. CVE-2022-31686 is described as a "broken authentication method," and a broken access control is the problem detailed in CVE-2022-31687.

But wait, there's more! Workspace ONE Assist is also afflicted with a 6.4-rated cross-site scripting vulnerability (CVE-2022-31688) that – thanks to improper user input sanitization – can be exploited, with some user interaction, to inject and run malicious JavaScript code in the victim's window.

There's also CVE-2022-31689 to worry about – a 4.2-rated vuln that enables a malicious actor who obtains a valid session token to authenticate to the application using that token.

These flaws apply to versions 21.x and 22.x of Workspace ONE Assist. Version 21.x appears to have debuted in early 2021, while the 22.x series emerged in March 2022.

Version 22.10 clears up all of the above messes, adds a few features, and tidies up some other issues. It's yours for the downloading here.

VMware hat-tipped Jasper Westerman, Jan van der Put, Yanick de Pater, and Harm Blankers of REQON IT-Security for discovering and reporting the security weaknesses.

In happier news for Virtzilla, the company has announced that its cloudy wares are now available through HPE's GreenLake ITaaS platform, plus – irony alert – a "more secure" version of its Anywhere Workspace hybrid work suite. ®

Send us news
Post a comment

VMware refreshes desktop hypervisors, adds Apple Silicon support

Partial VM encryption enables the virtual TPMs Windows 11 guests can't live without

UK authorities open preliminary probe into Broadcom's VMware acquisition

Hard to see multi-cloud management, hypervisors, or enterprise security triggering public interest test to can the deal

Broadcom tries to quash VMware price rise rumors as CEO promises they won't

Hock Tan says hiring engineers is his strategy … but still won't explain plan for massive rapid profit increase

Nvidia patches 29 GPU driver bugs that could lead to code execution, device takeover

Take a break from the gaming and fix these now

UK bans Chinese CCTV cameras on 'sensitive' government sites

Agencies told to rip 'em off core networks and replace 'em whenever and wherever possible

World Cup phishing emails spike in Middle Eastern countries

That's where the money is

AWS fixes 'confused deputy' vulnerability in AppSync

Datadog security researchers found the flaw before miscreants did

Criminals use trending TikTok challenge to make data-stealing malware invisible

PSA: Don't download unknown apps even if they promise naked people

Iranian cyberspies exploited Log4j to break into a US govt network

It's the gift to cybercriminals that keeps on giving

Google warns about commercial Heliconia spyware hitting Chrome, Firefox and Microsoft Defender

Meanwhile NSO faces new lawsuit over Pegasus flying onto journalists' phones

Intruders gain access to user data in LastPass incident

Password manager working to identify info affected but says credentials are safely encrypted

Cloudflare finds a way through China's network defences

Teams with locals to allow consistent security policy to make it through the Great Firewall