Cisco Webex Meetings Desktop App Arbitrary Code Execution Vulnerability

A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary code on a targeted system. This vulnerability occurs when this app is deployed in a virtual desktop environment and using virtual environment optimization.

This vulnerability is due to improper validation of messages processed by the Cisco Webex Meetings Desktop App. A local attacker with limited privileges could exploit this vulnerability by sending malicious messages to the affected software by using the virtualization channel interface. A successful exploit could allow the attacker to modify the underlying operating system configuration, which could allow the attacker to execute arbitrary code with the privileges of a targeted user.

Note: This vulnerability can be exploited only when Cisco Webex Meetings Desktop App is in a virtual desktop environment on a hosted virtual desktop (HVD) and is configured to use the Cisco Webex Meetings virtual desktop plug-in for thin clients.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-vdi-qQrpBwuJ

Security Impact Rating: High

CVE: CVE-2020-3588


When Launching an App-V Application, This Message is Shown “Cannot Start”.

On the VDA, open PowerShell as an Admin and verify that the application information is listed by running command:

Get-AppvClientPackage -All

The command output shows a failure, and the message “The Microsoft Application Virtualization Service may not have been started. Verify that the service is running.”

That may indicate that App-V is not enabled on the VDA.

Run the command Enable-Appv and restart the Desktop service.

NOTE: If VDAs are not persistent, run the command in the master image and update the catalog.


Who’s Holding Your Data Wallet?

The volume of data created by today’s enterprise workloads continues to grow exponentially. Data growth combined with advancements in artificial intelligence, machine learning, and containerized application platforms, creates a real challenge supporting critical business requirements. This can really place heavy demand on your infrastructure. Adaptability and agility means having the right resources to service ever changing needs. Performing at scale while keeping up with data growth to deliver business critical outcomes comes from a well architected solution that comprehends all the functional ingredients: networking, storage, compute, virtualization, automated lifecycle management, and most importantly the applications. It …

The New Powerhouse for Your Data Center

This week marks the finish line of the Dell EMC PowerEdge with 2nd Gen AMD EPYC product portfolio launch. With the release of the R7525, we are excited to have a complete set of servers that handle any of your data center needs. Each server has a unique and compelling design, to handle a spectrum of workloads better than previous generations. Now that our products are live, it is time to share how to best use them. The single socket servers (R6515 & R7515) have been well received for virtualization, business applications and data analytics. The …

Back to Bare Metal with Dell EMC and Ironic

Why Bare Metal? As the world makes progress towards Software Defined Everything with virtualization, abstraction and containerization, Bare Metal management is becoming the center of attention. That means consumers can deploy platforms, like vSphere, OpenStack, Kubernetes, and direct bare metal workloads. Bare metal is primarily used for automated hardware lifecycle management and configuration at the data center, edge and remote sites. This allows automating the infrastructure in a uniform, consistent manner across all sites. In addition to making the infrastructure easier to consume, operate and manage, bare metal deployments provide advantages with the performance, resource utilization, …

Bridging the Gap Between Virtual and Physical Networks

This blog is co-authored by Bops Puliyanda, Senior Product Line Manager, VMware Network & Security. The evolution of networks has seen a shift from legacy, proprietary technologies that are hardware-bound to modern, open technologies that are software-driven and driving innovation. As seen with the rapid adoption of server virtualization throughout data centers, today’s organizations are embracing the concepts of a software-defined network based on virtualization concepts that bring enhanced efficiency, agility and security. The challenge that remains is how to ensure the physical underlay network is provisioned and optimized for these virtual environments. The Dell EMC …

Slow file operations in Office 365


We noticed that certain file operations are very slow in Office 365 when Symantec Endpoint Protection is active.

A typical example was opening a .js file which took ~0.5 seconds where one would expect a few milliseconds at most.

We traced this down to the CreateFile API call. Process Monitor shows lots of calls by NortonSecurity.exe and ccSvcHst.exe until the call returns. And it does so every time the same file is opened.

This delay does not happen in other applications or when a folder or file extension is excluded from SONAR. It might be related to Office’s app virtualization that makes SEP scan the file more often than needed (I found some interesting research on Office app virtualization here).

Symantec, can you please see how this issue can be resolved?

It’s Time for the Media and Entertainment Industry to Virtualize

When it comes to virtualization, the media and entertainment (M&E) industry has lagged other industries. For 30 years, broadcast engineers have relied on bare-metal hardware and hard-coded applications, trusting that these solutions could deliver the performance and predictability required of a broadcast network. Broadcast engineers have been wary of virtualization. But for M&E, virtualization in private, public or hybrid-cloud environments offers many tangible benefits: streamlined workflows, increased automation, lower cost of ownership, reduced production time and much more. In fact, forward-thinking media companies are now realizing that virtualization is the only way they’ll be able to …

App Layering: Machine Time on a Published Image is Wrong at First Boot

You can always manually set the time once the machine starts, but that might be a pain to remember to do every time you publish a new image.

The initial clock time in Windows on a physical machine comes from a battery-powered clock on the motherboard (called TOD for Time Of Day), which is set to the local time in Windows’ current timezone. In a virtual machine, the virtualized TOD clock is set by the hypervisor at bootup. Since hypervisors normally know the time in GMT rather than a local timezone, your hypervisor has to know what “local time” is for your Windows instance in your virtual machine before it powers on. If the hypervisor doesn’t know the conversion factor for the VM’s local timezone, the initial time can be off by hours. Hypervisors learn the machine’s local time zone pretty quickly, but it means that the first boot for any VM is usually wrong.

In a published App Layering image, unless your template is derived from a VM that was originally a full Windows machine set to the correct timezone, the first boot usually has bad clock time. However, if your Platform Layer was added to the domain, your published VM should also have the correct information for how to sync its clock with the Domain Controller.

So make sure your Platform Layer was joined to the domain, so it can immediately correct the clock discrepancy.

Otherwise, consider setting this registry key so that Windows will treat the motherboard clock as being in UTC rather than the local timezone:

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZoneInformation]

"RealTimeIsUniversal"=dword:00000001

Some hypervisors store the local timezone offset for a VM as a virtual motherboard resource. When Windows is running, every time it updates the clock time, it sets the motherboard resource to be the correct time. This is how your hypervisor finds out what the timezone offset for this VM is: because Windows is always writing local time to the motherboard, all your hypervisor has to do is compare the motherboard resource for the TOD clock to the hypervisor’s own clock. That timezone offset is an attribute of the VM itself, not part of Windows and not part of the virtual disk.

For instance, in vSphere, the time-of-day offset can be set as a parameter in the VMX (or VMTX) file. You can force the CMOS TOD clock’s offset to be initialized to a specific value at power on. To do so, set the option rtc.diffFromUTC in the virtual machine’s .vmx/.vmtx configuration file to a value in seconds. For example, setting rtc.diffFromUTC = 0 sets the clock to UTC at power on, while setting rtc.diffFromUTC = -25200 sets it to Pacific Daylight Time, seven hours earlier than UTC.
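The clock arithmetic described above can be modelled directly. The following is an added example, not part of the original article or any vendor tooling: it infers the offset the way the text says a hypervisor does, writes rtc.diffFromUTC into .vmx text, and computes the first-boot clock error for each combination of template offset and RealTimeIsUniversal. The function names and the sample .vmx content are constructed for illustration.

```python
import re
from datetime import datetime

PDT = -25200  # seconds; the article's Pacific Daylight Time value

# Constructed sample of a template's .vmx content (entries are key = "value").
SAMPLE_VMX = 'displayName = "golden-template"\nrtc.diffFromUTC = "0"\n'

def infer_diff_from_utc(tod_clock: datetime, hypervisor_utc: datetime) -> int:
    """Offset a hypervisor would record: the TOD clock (local time, as written
    by Windows) minus its own UTC clock, snapped to 15 minutes to absorb drift."""
    raw = (tod_clock - hypervisor_utc).total_seconds()
    return round(raw / 900) * 900

def set_diff_from_utc(vmx_text: str, seconds: int) -> str:
    """Replace an existing rtc.diffFromUTC entry, or append one if absent."""
    entry = f'rtc.diffFromUTC = "{seconds}"'
    pattern = re.compile(r'^\s*rtc\.diffFromUTC\s*=.*$', re.M)
    if pattern.search(vmx_text):
        return pattern.sub(entry, vmx_text)
    return vmx_text.rstrip("\n") + "\n" + entry + "\n"

def first_boot_error(diff_from_utc: int, windows_offset: int,
                     real_time_is_universal: bool) -> int:
    """Seconds by which Windows' idea of UTC is wrong at first boot.
    The hypervisor seeds TOD = UTC + diff_from_utc. Windows reads TOD as UTC
    when RealTimeIsUniversal=1, otherwise as local time (UTC + windows_offset)."""
    assumed = 0 if real_time_is_universal else windows_offset
    return diff_from_utc - assumed

if __name__ == "__main__":
    # Windows wrote 12:00:00 local to the TOD clock; hypervisor UTC is 19:00:03.
    diff = infer_diff_from_utc(datetime(2020, 7, 1, 12, 0, 0),
                               datetime(2020, 7, 1, 19, 0, 3))
    print(set_diff_from_utc(SAMPLE_VMX, diff))
    for d, rtiu in [(0, False), (PDT, False), (0, True), (PDT, True)]:
        err = first_boot_error(d, PDT, rtiu)
        print(f"diffFromUTC={d:>7} RealTimeIsUniversal={int(rtiu)} "
              f"-> first-boot error {err / 3600:+.0f} h")
```

The last case shows that applying both fixes at once reintroduces the error: use either a template that carries the offset or RealTimeIsUniversal, not both.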

Note that Nutanix does not currently notice and record the time zone offset of a VM. You would need to set it manually. See this thread, for instance:

https://next.nutanix.com/installation-configuration-23/windows-vm-time-issues-22562

It may be worthwhile to generate a new template for your Connector, by having (or building) a Windows VM that has booted in the correct time zone. If you have a template you want to continue using, for instance, convert it to a VM, attach a bootable Windows disk (or boot from PVS or something like that – it’s just important that Windows run on this machine), power the machine on, and set the clock correctly. When you adjust the clock, Windows writes it to the motherboard, and your hypervisor records the offset in the virtual machine parameters. Then you can shut the machine down, remove any extra disks, and convert it back to a template.

You can also just take a working Windows machine with a correct local time, shut it down, clone it, remove any extra disks, and convert that to a VM template. This is one good reason to make a template out of a clone of your original Gold VM that you imported your OS Layer from: it already has all the virtual hardware parameters you want, including the local clock offset. Now that your template includes the current timezone offset, your hypervisor will be able to set the initial motherboard TOD clock correctly, meaning Windows has the correct time immediately and doesn’t need to wait for a jump when AD comes in to set the clock.

Configure your Connector to use this template so that newly published images will be correct. If you are using PVS, you should also use this template to build your Target Machines so that the virtual hardware of your Target Machines matches the hardware your layers were built from, including the local timezone offset.

Note that it’s also possible to have your hypervisor’s internal clock wrong. Also, your PVS server will try to set the machine’s clock based on the PVS server’s local clock. If any of these are wrong, you will need to get them synched as well.


issue with BSOD + fslx.sys (Workspace Virtualization Agent 7.5.522)


Hello

Please help me. Sometimes I see an issue with BSOD + fslx.sys. I have a Windows 7 desktop PC + Workspace Virtualization Agent 7.5.522. More in the attachment (dump file). Does some fix exist for this issue?

Many thx for feedback