VMware has published a security advisory to address a vulnerability found in VMware Workstation version 12.x and 14.x, as well as VMWare Fusion version 8.x and 10.x. With virtual network computing (VNC) feature enabled on affected systems, an attacker could remotely exploit the vulnerabilities by opening large number of VNC sessions. The proof-of-concept exploit code is available on the Internet.
Successful exploitation of the vulnerability could lead to denial-of-service condition on an affected system.
The product vendor has released new versions, as well as workarounds, to address the issue at the vendor's website:
System administrators may contact their product support vendors for the fixes and assistance.
https://www.vmware.com/security/advisories/VMSA-2018-0008.html
https://docs.vmware.com/en/VMware-Workstation-Pro/14/rn/workstation-1411-release-notes.html
https://docs.vmware.com/en/VMware-Workstation-Player/14/rn/player-1411-release-notes.html
https://docs.vmware.com/en/VMware-Fusion/10/rn/fusion-1011-release-notes.html
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0376
https://www.hkcert.org/my_url/en/alert/18031601
https://www.us-cert.gov/ncas/current-activity/2018/03/15/VMware-Releases-Security-Updates
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6957