The VMware Workspace ONE AirLift version 1.1 release has a critical information disclosure that exposes user credentials to other local users with access to the Windows system log. This exposure does not occur on the devices themselves, only on the system upon which AirLift 1.1 is installed. VMware Workspace ONE has released the AirLift 1.1.1 version to remediate this issue and recommends that all customers update to the patch as soon as possible.
We have fully remediated this security vulnerability in the now released AirLift version 1.1.1 on the My Workspace ONE portal. VMware Workspace ONE recommends the following procedure as corrective actions for organizations to address the issue:
- Stop the VMware AirLift services using the Windows Services Applet.
- Purge the Windows system event log between the dates of the original AirLift install and the current date.
- VMware recommends that the password provided for the SCCM/ConfigMgr account be reset.
- Download the AirLift 1.1.1 version (available here) and perform an in-place upgrade to secure the system appropriately. Provide the updated SCCM/ConfigMgr password in the AirLift configuration tab. There is no operational impact to this upgrade.
Support Contact Information
The VMware Workspace ONE Team
Other Languages: 日本語