Virtual Alarm: VMware Issues Major Security Advisory
VMWare vCenter Servers need immediate patch against critical RCE bug as race against threat actors begins.
Virtualisation security covers hypervisors, virtual machines, and isolated workloads, where flaws or misconfiguration can expose systems and data.
Search across headline titles and summaries.
Background for this topic.
Virtualisation uses software to divide or simulate computing resources so multiple isolated virtual machines (VMs) can share a physical host. Each VM can run its own operating system and applications; a hypervisor controls access to the host’s processors, memory, storage and devices. The term can also include virtual networks and storage, while containers provide a related but less isolated form of workload virtualisation.
Security depends on the hypervisor and its management plane being securely configured, patched and access-controlled. A hypervisor vulnerability or misconfiguration can expose data across VMs, and a VM escape can allow code running in one guest to reach the host or other guests. Virtual machine images, templates and snapshots may retain credentials or sensitive data and therefore require inventory, integrity checks, encryption and controlled retention. Network segmentation between virtual workloads should be enforced through explicit policies rather than assumed from virtual separation. These controls also support reliable investigation and recovery by preserving trustworthy images and records of administrative changes.
VMWare vCenter Servers need immediate patch against critical RCE bug as race against threat actors begins.
VMware has released security updates to address a critical flaw in the vCenter Server that could result in remote code execution on affected systems
VMware issued security updates to fix a critical vCenter Server vulnerability that can be exploited to gain remote code execution attacks on vulnerable servers. [...]
Virtualization services provider VMware has alerted customers to the existence of a proof-of-concept (PoC) exploit for a recently patched security flaw in Aria Operations for Logs
Takes rare step of issuing patches for end-of-life versions, as some staff report end-of-career letters VMware has disclosed a critical vulnerability in its vCenter Server – and that it issued an update to fix it weeks ago, along with patches for unsupported versions of the software.…
VMware warned customers on Monday that proof-of-concept (PoC) exploit code is now available for an authentication bypass flaw in vRealize Log Insight (now known as VMware Aria Operations for Logs). [...]