Miscreants can exploit these to make a bad situation much worse
VMware has patched two security flaws, an OS command injection vulnerability and a file upload hole, in its Carbon Black App Control security product running on Windows. Both bugs are rated 9.1 out of 10 in terms of CVSS severity. They can be exploited to execute arbitrary commands on the Windows host, such as commands to deploy malware, exfiltrate data, or explore the rest of the network. In both cases, an attacker needs to be logged in as an administrator or highly privileged user, which means...