VMware on Wednesday released software updates to plug two critical security vulnerabilities affecting its Carbon Black AppControl platform that could be abused by a malicious actor to execute arbitrary code on affected installations in Windows systems. Tracked asCVE-2022-22951 and CVE-2022-22952, both the flaws are rated 9.1 out of a maximum of 10 on the CVSS vulnerability scoring system.