Critical: vCenter Server Vulnerability VMSA-2021-0002

-

Many might have been raised alert on the recent vCenter Server vulnerability which was raised as a 9.8/10 scale rating. One of it can be found here reported on Feb 23rd.

If you have subscribe to VMware Security advisory, you would have received this information VMSA–2021–0002.

I would strongly encourage anyone who is using VMware solution to subscribe to VMware Securities Advisories so as to be kept informed of any security information.

If you have refer to VMSA-2021-002, vCenter Server version 7.0 U1c was updated in Dec 17th, 6.7 U3I Nov 19th and lastly 6.5 U3N Feb 23rd one day after the report. If you have been up to date, you would have been protected way before the report was announced. The only version was 6.5 which was release a day after, but based on the report, it was a one day turn around which is still impressive.

Also this is very critical for vCenter Server that are connected to the internet. However, this case would be minimal as most customer would not have place their management server facing internet. This normally would be front by a proxy server to start with. Nevertheless, do get yourself updated for any critical security patches to be save from a compromise.


Comments

Post a Comment

Popular posts from this blog

Why VMware or Why Not after Broadcom?

-
The Truth Yes, the news of VMware acquired by Broadcom has come to a realization. We cannot denied the truth since 22nd Nov 2023. Prior the acquisition, if you have made a multi-year purchase before that, you will have whatever you can consume after the acquisition. VMware after the acquisition has release new bundle of all their offerings and end the perpetual licensing offer to the market. The individual products are not make available and cannot be purchase as a standalone. But are offered via two bundle namely; VMware vSphere Foundation (VVF), VMware Cloud Foundation (VCF). Both of which are all subscription licenses. It also ends all sales and renewal of any perpetual licenses. Honestly, VMware has been trying to end its perpetual license and into subscription for the longest time. With the Broadcom acquisition, VMware has been one of the last major player that has moved to subscription license. Customer who are on VMware, has been enjoying the great pricing with no limit of cores
Read more

VMware by Broadcom, A New Chapter Forward

-
With Broadcom acquisition of VMware completing in 22nd Nov, there have been lots of assumption made by many sources what will become of the business direction. Here are some of the updates that are publicly announced if you have not catch up on the news. To start with, VMware is now known as VMware by Broadcom and all originally VMware software will remain to be branded under VMware. The first announcement 27th November, Carbon Black is  now  an autonomous unit within Broadcom. In my opinion this is good news. I have seen not much integration on Carbon Black ever since acquired by VMware so with that move, it allows Carbon Black to innovate and do what they do best in Cyber security landscape. Next from the acquisition completion, there are many speculation on after the acquisition what will end up of End User Computing? With the  announcement  on 8th December, The End User Computing (EUC) division will be a diverse business. With that understanding, EUC division will operate on their
Read more

VMware Perpetual License EOA Support

-
If you have not read this blog from Broadcom by Hock Tan check it out . It helps to outline few things that has been confusion for many. First, the old perpetual licensing from any vendor including VMware, are sold in two parts. 1. perpetual license, 2. Support and Subscription (SnS) Part 1, basically let you own the license and do what you deem fit with it. And part 2, allows you to log a case for support assistance, and upgrade or downgrade the license and have patches and security release whenever its available as long the product is still supported. From the blog, it clarify once again that part 1 is true, customers are allow to use the perpetual license even if its out of support as long as they deem fit. " To ensure that customers whose maintenance and support contracts have expired and choose to not continue on one of our subscription offerings are able to use perpetual licenses in a safe and secure fashion, we are announcing free access to zero-day security patches for sup
Read more