Workaround for VMware Tools for Windows security vulnerability (CVE-2020-3941)
search cancel

Workaround for VMware Tools for Windows security vulnerability (CVE-2020-3941)


Article ID: 324678


Updated On:




CVE-2020-3941 has been determined to affect VMware Tools on Windows version 10.x.y. This vulnerability and its impact on VMware products are documented in VMSA-2020-0002. Please review this advisory before continuing as there may be considerations outside the scope of this document.

The VMware Tools team has investigated CVE-2020-3941 and determined that the possibility of exploitation can be removed by performing the steps detailed in the Workaround section of this article.


This issue is resolved in VMware Tools 11.0.0 and later, available at VMware Downloads.

To remediate this issue, it is recommended to upgrade VMware Tools to 11.0.0 or later. 
However, if upgrading is not possible, exploitation of this issue can be prevented by correcting the ACLs on C:\ProgramData\VMware\VMware CAF directory in the Windows guests running VMware Tools 10.x.y versions. In order to correct ACLs for this directory, remove all write access permissions for Standard User from the directory. 

To correct ACLs for this directory: 
  1. Disable inheritance, remove all inherited permissions, grant “Full control” to local System account and Administrators group
  2. Correct the ACL from the Windows UI via Properties of the directory 

Request a Product Feature

To request a new product feature, please contact your VMware representative.