How to check for “VMSA-2018-0025”

On “2018-10-09” VMware announced a new security advisory “VMSA-2018-0025“.

VMware ESXi, Workstation and Fusion contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive.

If you’ve few VMs then checking might be a little easier as described in the VMSA but if you’ve more than few VMs, then checking them could take a little time. I wrote below PowerCLI script in order to check all VMs for this vulnerability.

You can simply connect to your vCenter server or all ESXi hosts (if you don’t have vCenter server) and the run below script.

Get-VM | %{
 $3d = ($_ | Get-View).config.extraconfig | where {$_.key -eq "mks.enable3d"}
 if ($3d) {
  Write-Host "Warning!!  " -ForegroundColor Red -NoNewline
  Write-Host "3D-acceleration is enabled for " -ForegroundColor White -NoNewline
  Write-host "$_" -ForegroundColor Red -NoNewline
  Write-Host ", based on VMSA-2018-0025 you need disable this feature." -ForegroundColor White
 } elseif (!$3d) {
  Write-Host "Awesome!!  " -ForegroundColor Green -NoNewline
  Write-Host "$_ is comply with VMSA-2018-0025" -ForegroundColor White

It's your kindness to leave a reply/feedback