Hello everyone. This is Dina from VXVLGSC support team.
In this video, we are going to cover the workaround instructions for the USB controller bugs, CV E 040 and CV E 041 and also the recommendations to mitigate the issue. First, let's have a brief description about these vulnerabilities also called the USB controller box. VM Ware has published recently V MS A 0004 that addresses security vulnerabilities found and resolved in the VM ware, Esxivm ware workstation, fusion and VMWARE cloud foundation products briefly patching the VMWARE ESX I workstation and fusion are the fastest methods to resolve these issues.
There is also a workaround to remove the USB controllers from the virtual machines which we are going to discuss in this video. These bugs specifically CV E 040 and 041 are found in the USB controllers for the vmyesx I fusion and workstation exploitation could give Attackers access to workloads inside the organization's virtual environments. Taking advantage of this year's be bug. Anyone with local administrative privileges on a virtual machine would be able to execute code as the VMS virtual machine extension. The VMX process running on the host.
The VMX process mainly runs in the VM kernel and it is also responsible for handling input output to devices that are not critical to performance. And it's also responsible for communicating with user interfaces, snapshot managers and remote console. Moving forward to the workaround to address this issue. The workaround for both CV ES is to remove the USB controllers from the virtual machine. And as a result USB pass through functionality will be unavailable. Taking into consideration while the ESX I host supports hot removal of the USB controller, the guest operating system of the virtual machine must also support the hot removal functionality.
If the guest operating system does not support hot removal of a USB controller, then the VM will need to be powered off to make sure that the guest operating system of the virtual machine supports the hot removal functionality. You can refer to the vendor's documentation. OK. So let's start applying this work around on our environment. First, we are going to log into the Vsphere client U I then navigate to the data center, click on VMS tab and then on the virtual machines which we are already on.
Then we are going to navigate to the virtual machine on which you want to remove the USB from right, click on the virtual machine, then edit settings also ensure that the U SS B controller is not in use prior to removing it from the virtual machine. And if required power of the virtual machine. In this case, there is no requirement to power of the gas OS. OK. So we are going to navigate to the USB part and then remove the USB controller, then click on. OK, to apply the new virtual machine configuration. OK? You'll find that the status of the task has completed. That's all for this work around. That's all for today.
Thanks for watching and have a great day.