
VMware Says: Patch NOW!

Are you running vCenter Server 6.5, 6.7 or 7.0, or VMware Cloud Foundation? If so, you are vulnerable if you have not deployed VMware's patches.

“All environments are different, have different tolerance for risk, and have different security controls and defense-in-depth to mitigate risk, so the decision on how to proceed is up to you,” he writes. “However, given the severity, we strongly recommend that you act.”

One of the bugs, designated CVE-2021-21985, has a risk rating of 9.8 out of 10 and allows an attacker to execute arbitrary code remotely.

While this bug is in the vSAN plugin, users are vulnerable even if they don’t use it.

Hackers can use Shodan to find which VMware installations are vulnerable, then attack them. So far, at least 5,500 vulnerable installations have been counted.

A security researcher reported that he has developed a proof-of-concept exploit for one of the bugs.

“ESXi vulnerabilities get used by a small number of ransomware groups as they allow bypass of all security controls – when you’re on the hypervisor layer you’re above the OS and security layer, so you can do what you like,” Arcadia’s Beaumont says.

Now would probably be a good time to install the patches.

Credit: VMware