Disable VIX messages from the VM

Details

If you do not make use of custom VIX programming in your environment, then you should disable this feature to reduce the potential for vulnerabilities.

*Rationale*

The VIX API is a library for writing scripts and programs to manipulate virtual machines. If you do not make use of custom VIX programming in your environment, then you should disable certain features to reduce the potential for vulnerabilities. The ability to send messages from the VM to the host is one of these features.

Note: Disabling this feature does NOT adversely affect the functioning of VIX operations that originate outside the guest, so certain VMware and third-party solutions that rely upon this capability should continue to work. This is a deprecated interface. Ensure that any deprecated interface is turned off for audit purposes.

Solution

To implement the recommended configuration state, run the following PowerCLI command:

# Add the setting to all VMs
Get-VM | New-AdvancedSetting -Name 'isolation.tools.vixMessage.disable' -Value $true

Impact: The guest will no longer be able to send messages via the VIX API.

Default Value: The prescribed state is not the default state.
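An audit-then-remediate version of the command above, as an added example that is not part of the original benchmark text. It assumes VMware PowerCLI is loaded and a `Connect-VIServer` session is already open; the function names `Get-VixMessageCompliance` and `Set-VixMessageDisabled` are hypothetical.

```powershell
# Added example, not from the original page. Function names are hypothetical.
# Assumes PowerCLI is loaded and Connect-VIServer has already been run.
$SettingName = 'isolation.tools.vixMessage.disable'

function Get-VixMessageCompliance {
    # Report the current state of the setting for each VM passed in.
    param([Parameter(Mandatory, ValueFromPipeline)] $VM)
    process {
        $setting = Get-AdvancedSetting -Entity $VM -Name $SettingName
        if (-not $setting) {
            $state = 'Missing'          # not set, so the default applies
        } elseif ("$($setting.Value)" -ieq 'true') {
            $state = 'Compliant'
        } else {
            $state = 'NonCompliant'     # present but not set to true
        }
        [pscustomobject]@{
            VM    = $VM.Name
            Value = if ($setting) { $setting.Value } else { $null }
            State = $state
        }
    }
}

function Set-VixMessageDisabled {
    # Create the setting where it is missing, overwrite it where it is wrong,
    # and leave already-compliant VMs untouched.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory, ValueFromPipeline)] $VM)
    process {
        $setting = Get-AdvancedSetting -Entity $VM -Name $SettingName
        if ($setting -and "$($setting.Value)" -ieq 'true') { return }
        if (-not $PSCmdlet.ShouldProcess($VM.Name, "Set $SettingName = true")) { return }
        if ($setting) {
            Set-AdvancedSetting -AdvancedSetting $setting -Value $true -Confirm:$false | Out-Null
        } else {
            New-AdvancedSetting -Entity $VM -Name $SettingName -Value $true -Confirm:$false | Out-Null
        }
    }
}

# Audit first, preview the changes, then re-run without -WhatIf to apply.
$vms = Get-VM
$vms | Get-VixMessageCompliance | Sort-Object State, VM | Format-Table -AutoSize
$vms | Set-VixMessageDisabled -WhatIf
```

Running `Get-VixMessageCompliance` again after remediation gives a per-VM record of the setting that can be kept as audit evidence.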

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: VMware.

Updated on July 16, 2022