VMware has pushed a second patch for a critical, heap-overflow bug in the vCenter Server that could allow a remote attacker to fully compromise vulnerable systems after the first software update, issued last month, didn’t work. Plus, in the same security update, VMware fixed (again) a make-me-root flaw in vCenter that’s pretty nasty, too.
Source: The Register