The holes affect the hypervisor-based ESX Server versions 2 and 3.
In September, VMware issued a patch release to correct 13 "highly critical" flaws in the ESX Server. The product allows multiple virtual machines to run on the same physical server.
News of the vulnerabilities come one day after public reports said VMware soon plans to unveil a security initiative -- called VMSafe -- whose goal is to protect machines running on the company's virtualisation software. VMware plans to partner with a number of large IT security players -- including Symantec, McAfee and IBM Internet Security Systems -- on the undertaking.
See original article on scmagazineus.com