A security patch was released a few days ago from VMware for ESX 3.5: VMware ESX 3.5, Patch ESX350-200904201-SG: Updates VMX RPM Issues fixed in this patch (and their relevant symptoms, if applicable) include: A critical vulnerability in the virtual machine display function might allow a guest operating system to run code on the host. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1244 to this issue.