Details
The VIX API is a library for writing scripts and programs to manipulate virtual machines. If you do not make use of custom VIX programming in your environment, then you should disable certain features, such as the ability to send messages from the VM to the host. Disabling that feature does not adversely affect the functioning of VIX operations that originate outside the guest, so certain VMware and third-party solutions that rely upon this capability should continue to work. This is a deprecated interface.
Rationale:
Disabling unneeded features reduces the potential for vulnerabilities.
Solution
To disable VIX messages from the VM, run the following PowerCLI command:
# Add the setting to all VMs
Get-VM | New-AdvancedSetting -Name ‘isolation.tools.vixMessage.disable’ -value $true
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management, Identification and Authentication.This control applies to the following type of system VMware.