VMware has released a high priority View security bulletin that affects View 5.x users prior to 5.1.2 and View 4.x users prior to 4.6.2. This is a directory traversal security vulnerability that allows unauthenticated remote attackers to get access to any file on the affected View Servers. For externally facing View Security servers, this is particularly severe.
You can read the full VMware Security Bulletin here. If you are running a View environment, and in particular View Security Servers, I would urge you to immediately review the bulletin and take action to remediate the issue.
Snippet from the bulletin:
1. Summary
VMware View releases address a critical directory traversal vulnerability in the View Connection Server and View Security Server.
2. Relevant releases
VMware View 5.x prior to version 5.1.2
VMware View 4.x prior to version 4.6.2
    Â
3. Problem Description
a. VMware View Server directory traversal
VMware View contains a critical directory traversal vulnerability that allows an unauthenticated remote attacker to retrieve arbitrary files from affected View Servers. Exploitation of this issue may expose sensitive information stored on the server.
Workarounds
This vulnerability affects both the View Connection Server and the View Security Server; VMware recommends that customers immediately update both servers to a fixed version of View.
Customers who are unable to immediately update their View Servers should consider the following options:
•Disable Security Server
Disabling the Security Server will prevent exploitation of this vulnerability over untrusted remote networks. To restore functionality for remote users, allow them to connect to the Connection Server via a VPN.
•Block directory traversal attempts
It may be possible to prevent exploitation of this issue by blocking directory traversal attacks with an intrusion protection system or application layer firewall.
Warning about View 5.1.2: I upgraded a View Connection Server and Virtual Desktop View Agents from 5.1.1 to 5.1.2. Connectivity to from the VCS to the Agents is lost unless the Windows Firewall is turned off on both the VCS and VDs. Agent 5.1.1 can communicate with VCS 5.1.2 with the VD firewall on and the VCS firewall off. Agent 5.1.2 can communicate with VCS 5.1.1 with the VD firewall off and the VCS firewall on. Diffs of exported, sorted lists of incoming firewall rules for the VD and VCS for 5.1.1 and 5.1.2 clearly show changes related to the… Read more »
VMware Tech Support provided a workaround for the above, saying that it is due to a problem with the key pair identifying the VM to the View Manager resulting from a flawed agent upgrade process. The workaround for manual pools is as follows:1) Remove the affected VM from View Manager (don’t delete the VM from disk).2) Uninstall the View Agent 5.1.2 from the VM.3) On the VM delete the registry key HKLM\SOFTWARE\VMware, Inc.\VMware VDM and all subkeys.4) To do this sucesssfully it may be necessry to add full control permissions for local Administrators to the key HKLM\SOFTWARE\VMware, Inc.\VMware VDM\KeyVault\vmware_view_wsnm_jms.5) Reinstall… Read more »