VirtualBox patches critical vulnerabilities, but many users remain at risk

Oracle's popular virtualization software VirtualBox has released patches for vulnerabilities that could lead to Denial-of-Service (DoS) attacks against virtual machines, privilege escalation, and arbitrary code execution.

CVE-2021-2442 allows an attacker to cause VirtualBox to hang or crash, and can even be used to DoS other VirtualBox virtual machines on the host. CVE-2021-2145 and CVE-2021-2310 are both privilege escalation vulnerabilities, and could allow arbitrary code execution or even lead to full takeover of VirtualBox.

Patches for these vulnerabilities have been out since at least July 2021, but many users are still running outdated versions of the software, putting their systems and data at risk. Acronis Cyber Protect includes patch management capabilities that make it easy to keep VirtualBox — and other business-critical software — up-to-date across all of your protected systems through a single web console.