VMware released security advisory VMSA-2009-007. The security advisory is related to the “Descheduled time accounting service” an optional, experimentally supported component of the VMware tools. The denial of service vulnerability only exists on Windows based VM’s with the descheduled time accounting service installed, but not running. The advisory lists the conditions and required steps to remediate these VM’s and the various VMware platforms that they may be running on.
For ESX 3.5, the patch ESX350-200904401-BG released last month is required.
For ESX 3.0.3, patch ESX303-200905401-SG released this week is required.
You can subscribe to VMware Security announcments here: http://lists.vmware.com/mailman/listinfo/security-announce