The VMware ESXi flaw gives threat actors full administrative permissions on domain-joined hypervisors.
Two critical vulnerabilities in VMware's vCenter Server centralized management utility could allow remote code execution.
Two of the more severe flaws could each allow attackers with local administrative privileges on virtual machines to execute code as the virtual machine's VMX process running on the host.
For patching, VMware said that "this situation qualifies as an emergency change."
The patch is available two weeks after the vulnerability was first disclosed on Nov. 14.