Showing posts with the label security

Why NetApp?

When I joined NetApp from VMware after spending a good 13 years there, I was amazed and taken aback by how much NetApp has to offer customers. It is not just a Data Fabric company but does much more in the space of how data is managed, stored, secured, and everything else surrounding data. The first thing I learnt about was ONTAP, the powerful software operating system that has powered all NetApp hardware and software boxes from the very beginning. It is also not just storage; it is the King of Files for a reason. What is unique about NetApp is its way of storing data, the Write Anywhere File Layout (WAFL). Its ability to handle large amounts of small files makes it elite on its own. Today NetApp is the ONLY vendor able to handle File, Block and Object all at the same time with ONTAP. NetApp has also acquired a few solutions over the years specific to how data is created, managed, used and secured. Let's leave that for another post for now. Let me drill into 3 key takeaways on why NetApp and how it differentiates itself as the ...

VMware vCenter Server address heap-overflow and privilege escalation vulnerabilities

Broadcom has released an update to address the two vulnerabilities below. This affects vCenter Server 7.x and 8.x. VMware vCenter Server heap-overflow vulnerability (CVE-2024-38812): this carries a CVSSv3 score of 9.8. VMware vCenter privilege escalation vulnerability (CVE-2024-38813): this carries a CVSSv3 score of 7.5. Both are addressed with a new binary update for vCenter Server 7U3s and vCenter Server 8U3b. This also affects any VCF 4.x and 5.x that contains either vCenter Server 7.x or 8.x. With such rare critical severity, it is always recommended to apply this update as soon as possible. Check out this article for more information.

Hackers Exploit VMware Vulnerability that gives Hypervisor Admin

You might have come across the concern above, one that was published here. Since the day VMware vSphere was made available, an ESX Admins user group, if created in Active Directory, has been given admin rights to ESXi, so any user placed as a member of the ESX Admins group receives those rights. This was not new; I think some people do not know this existed. Moving forward, it seems hackers are now targeting this function to gain admin rights to the hypervisor. For companies that have concerns over this and would like to change this group membership name, you can follow this KB. Hope this addresses the concerns.

vSphere 8 Security Enhancements

Many of our customers have done vulnerability assessments (VA) on vSphere ESXi and often highlighted vulnerable items such as SHA1 and TLS 1.0, etc. Some of these were present but not in use, and we could not manually remove them (such as SHA1, MD5, etc.), while others were there to support lower versions such as TLS 1.1 and 1.0. With vSphere 8, the security enhancements have removed the unwanted security bundles and now support only secured transport connections via TLS 1.2. On top of that, daemons now run in their own sandboxes instead of in the hypervisor world, which needed higher permissions that were unnecessary and prone to vulnerability attacks. Also new for security is a timeout for the SSH shell when it is enabled on an ESXi host. So administrators can no longer leave the SSH shell connected for an infinite time, or even worse forget to disconnect and log out of the endpoint from which they are connected to the ESXi shell. Lastly, if your hardware used for ...

VMSA-2024-0006 USB and Out-of-bounds write vulnerability

VMware has released important patches based on the advisory affecting all hypervisors, including ESXi and the desktop hypervisors, i.e. Workstation and Fusion, which contain vulnerabilities with a CVSSv3 score of 7.1-9.3. Most of those listed are USB related. Most of these might not affect ESXi, since most do not use a USB controller on ESXi; they apply more to the desktop hypervisors. Patches are released for ESXi 7 and 8, Workstation 17 and Fusion 13. And since this is of critical severity, VMware has also released patches for the out-of-support ESXi 6.5U3v and 6.7U3u for customers on extended support. This also includes VCF 3.x that happens to run such versions of ESXi. I hope everyone has upgraded, as a best practice, to at least ESXi 7 to avoid the situation where you are not on support and yet run critical workloads. If you are still on ESXi 6.5U3v or ESXi 6.7U3u, I would assume you have extended support to tide you through. Do note that if you manage to get the patches from another source wi...

Security Advisory: VMware Cloud Director

Another high CVSSv3 rating of 9.8 was released here for the VMware Cloud Director appliance. For those not aware, the virtual appliance is a prepackaged virtual machine with added configuration embedded for easy deployment. This time it is due to an authentication bypass vulnerability which allows a user to bypass authentication on port 22 (ssh) or port 5480 after upgrading to version 10.5 from a previous older version. To resolve this, an updated KB has been released, and it provides a script for the workaround to fix this. Do note that this affects only VMware Cloud Director version 10.5 that was upgraded from an older version, not new deployments or other versions.

Security Advisory: VMware Tools

A security advisory, VMSA-2023-0024, has been released regarding VMware Tools. This comprises two CVEs, namely CVE-2023-34057 and CVE-2023-34058, which carry a CVSSv3 score of 7.8 and 7.5 respectively. This mainly affects hosts running on macOS or Windows OS with specific VMware Tools versions. Both are related to bypassing and gaining privileged access. The macOS one might be the least impactful, since most customers only run macOS in Fusion or Workstation. Do take note and have them updated, as the fixed version has been released.

Vulnerability Alert: VMware Carbon Black App Control

VMware has released a security advisory on a vulnerability in VMware Carbon Black App Control. This comes with a CVSSv3 score of 9.1. It allows an attacker to gain privileged access to the operating system that Carbon Black App Control is running on. The fix has been prompt and is readily available for download. It is recommended to patch this if you are using this product. Refer to https://www.vmware.com/security/advisories/VMSA-2023-0004.html for more information.

vRealize Log Insight Security Vulnerability

A happy new year to everyone. Hopefully this year will be a great one for everyone. To start off my first blog article of the year, I want to bring attention to vRealize Log Insight, which needs to be updated to fix the latest vulnerabilities, particularly two of which have a CVSSv3 rating of 9.8. Though there is no report of any security-related incident due to these vulnerabilities, it is still highly recommended to patch the tool before any happens. It is also great to see VMware being active in identifying and releasing the patch before any report of such an incident actually occurs. Do check out VMSA-2023-0001 to read more about the two which have the 9.8 rating score.

vSphere 8 Security Configuration Guide

With the release of vSphere 8 in October 2022, many would have asked how you provide security configuration. Do note this is no longer named a "hardening guide", since it is a configuration guide which needs to be reviewed by each organization to see if it is deemed fit for your requirements. The time has come and the security guide can be found here. Do note that this is an initial availability release; there might be more updates to it based on feedback, etc., so do check back for any updates. This time round, there are new PowerCLI commands that standardize on formatting. Settings are also provided that can be modified for the virtual appliances such as vCenter Server. However, do handle with care, as any wrong configuration can result in losing your support. Lastly, to reiterate, this is a guide and not an apply-all-settings runbook. You will have to review the security requirements of your organization and apply those that are applicable. Do note a...

Major Vulnerability for VMware Workspace One Access

If you have not been following, here is an article published today at the same time as the release of VMSA-2022-0014, which contains CVSSv3 ratings between 7.8 and 9.8. This impacts the use of Workspace One Access, whether on its own in Workspace One or together with other products such as vRA, VCF, and vRSLCM. It is recommended and advised to patch this immediately.

VMware Security Vulnerability Feb 2022

Two security advisories were sent out on Tuesday 15th Feb. One mainly affects virtualization platforms such as ESXi, Workstation, Fusion and Cloud Foundation, while the other impacts NSX-V and Cloud Foundation that contains NSX-V. Both advisories contain vulnerabilities with a CVSSv3 score of more than 8, except for one in the first advisory at the time of writing. Check back on the advisories for the updated fix once available. The good news is that all fixes are now available, except the pending one for Cloud Foundation for CVE-2022-22945. Below are the security advisories with their respective CVEs. VMSA-2022-0004: Use-after-free vulnerability in XHCI USB controller (CVE-2021-22040) - 8.4; Double-fetch vulnerability in UHCI USB controller (CVE-2021-22041) - 8.4; ESXi settingsd unauthorized access vulnerability (CVE-2021-22042) - 8.2; ESXi settingsd TOCTOU vulnerability (CVE-2021-22043) - 8.2; ESXi slow HTTP POST denial of service vulnerability (CVE-2021-22050) - 5.3. VMSA-2022-00...

VMware Just Announced VMSA-2021-0028 with a CVSSv3 Score of 10

Early this morning, 11th Dec 2021 SGT, VMware released a security advisory announcement, VMSA-2021-0028, regarding a critical vulnerability in Apache Log4j identified by CVE-2021-44228, with a full CVSSv3 score rating of 10. Immediately, VMware has worked on several of the affected products with workarounds or patches. As this is a full-score rating, we are likely to see VMware update the workarounds at least and release patches in the next few days. Do check back on the page for more updates. Do note that this is not a vulnerability specific to VMware; it is an Apache vulnerability, affecting all solutions that use Apache Log4j. So do check your environment and ensure that all solutions in it that contain Apache Log4j are worked on. A FAQ site has also been released for those with questions regarding this. If you are not already, do subscribe to the VMware Security Advisory.

August pack of things: Security Vulnerabilities, VMware Expert 2021, VMworld 2021, and more

Critical Security Vulnerability: Workspace One Access and vRealize Automation. VMware has released a security notice, VMSA-2021-0016, regarding Workspace One Access (WOA), i.e. VMware Identity Manager (vIDM), with a CVSSv3 base score of 8.6. It is encouraged to apply the patch or workaround as soon as possible. This also applies to vRealize Automation, which has embedded vIDM, aka WOA. Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975): This impacts vRealize Operations Manager, which can be a standalone product, part of VMware Cloud Foundation or vCloud Suite, or deployed by vRealize Suite Lifecycle Manager. It has a CVSSv3 base score of 8.6, which is highly critical. This allows an authenticated user, via the vROps API, to write files directly to the underlying OS, Photon. VMware vExpert 2021 Second Half: Congrats to all new vExperts from the 2021 Second Half announcement. It is not easy to have such a big community with everyone contributing wit...

vExpert, VMworld, Vulnerability on vCenter. A month to sum it up.

After changing my role as previously mentioned, it has taken some time off my blogging. Still, I want to pen down some important things that one should be looking at. vExpert Application: If you are looking to renew vExpert and missed the deadline earlier in the year, or are not already a vExpert, the second-half application is now open; check out my post and I hope it helps. Sign up now until 9th July, when it closes. VMworld 2021: Yes, registration for VMworld 2021 is now open. Do sign up now to avoid disappointment. vCenter Vulnerability: https://www.vmware.com/security/advisories/VMSA-2021-0010.html If you have not been getting notified, you should be worried about whether or not your vCenter Server is internet facing. This is a very critical vulnerability, as it has a CVSS score of 9.8/10. Make sure you get it patched. This issue affects the way the vSAN plugin performs validation and authentication with vCenter Server via the vSphere Client (HTML5). vCenter Server version 6.5 and above are ...

vSAN 7 Update 2: What's so Sexy?

There are so many blogs and articles posted by many; you can refer to some of the official ones below. What's New in vSAN 7 U2; Duncan's What's New in vSAN 7 U2. Here I am going to list some of the great features found in vSAN 7 U2 which will help in everyday operations or use cases. vSphere Lifecycle Manager: One feature covered in the vSphere 7 U2 post was the ability to upgrade or patch ESXi with Suspend to Memory with Quick Boot. In vSAN, this reduces resynchronization efforts. We also mentioned that hardware support for updates from more vendors is now available. With the new vLCM, you can now dictate a desired state with an image and a prescribed outcome as the desired result. vSAN Data Persistence Platform (DPp): In vSAN 7 U1, support for a new framework for integrating stateful apps working with Kubernetes Operators such as MinIO, DataStax, etc. was introduced, providing the vSAN Data Persistence platform. In vSAN 7 U2, not just providing easy deployment when the...

vSphere 7.0 Update 2 What's so great?

There are multiple What's New and overview posts from when vSphere 7.0 Update 2 was released on 9th Jan 2021. I am not here to list those; however, you can check them out below. VMware vSphere 7.0 Update 2; VMware vCenter Server 7.0 Update 2 Release Notes; vSphere 7 Update 2 Part 2 (updated 18 Mar). What I would like to pinpoint here is what I find will be useful for an architect choosing the right solution for the right use case, and being aware of what helps customers in running it after deployment. I will break this down into three portions: vSphere with Tanzu, the AI/ML Platform and vSphere improvements. vSphere with Tanzu: As you know, vSphere with Tanzu, or TKG-s, was introduced when vSphere 7.0 was released. With Update 2, it is now able to leverage NSX Advanced Load Balancer (previously known as AVI), an enterprise-grade load balancer, for the Supervisor Cluster, Guest clusters (TKG) and Kubernetes Services of type LoadBalancer deployed in TKG clusters. Check out this articl...

CVE-2020-4006 - Command Injection

Important alert on CVE-2020-4006, as documented here, which has a maximum CVSSv3 base score of 7.2 and was discovered on 23rd Nov 2020. A workaround was first provided to mitigate this risk; now a fix is available. In summary, this vulnerability allows an attacker who has got hold of the configuration admin account for the affected products to execute commands. The configuration admin account password is set at the time of deployment. Affected Products: VMware Workspace One Access (Access); VMware Workspace One Access Connector (Access Connector); VMware Identity Manager (vIDM); VMware Identity Manager Connector (vIDM Connector); VMware Cloud Foundation; vRealize Suite Lifecycle Manager. If you are using any of the affected products, do take some time to remediate this as soon as possible.

Security Announcement: What Are You Waiting For?

VMSA-2020-0006 & CVE-2020-3952. Yes, you read it correctly. There is a known vulnerability which may affect your vCenter Server running version 6.7, regardless of whether it is on the virtual appliance (vApp) or Windows. It affects new deployments as well as versions upgraded from 6.x to 6.7. Here is the article to read more about it. I often hear from some that they wait a while before patching. I would like to bring out the point that software patches and security patches are two different subjects. Security patches: These address an immediate vulnerability and should be actioned to avoid breaches and compromise. This is of utmost importance, unless your organization does not deem security loopholes important to address, or your organization claims to be highly secured. Software patches: This type of patch addresses bug fixes, sometimes an upgrade or update, or it can also be the release of some features which were delayed, etc. Often, this may not impact many cu...

VMware Spectre and Meltdown Information

Recently the security measures against the two discovered vulnerabilities have raised a lot of talk. This all started with, and was revealed by, Google Project Zero. I have also recently shared advice from VMware support and KBs with our Singapore VMUG users during our event yesterday. Below is a summary of questions and the approach you should take to patching your VMware environment. Details on Spectre and Meltdown: https://www.lifehacker.com.au/2018/01/what-are-spectre-and-meltdown-and-why-should-you-care/ https://blog.barkly.com/meltdown-spectre-patches-list-windows-update-help Technical explanation: http://frankdenneman.nl/2018/01/05/explainer-spectre-meltdown-graham-sutherland/ Side Notes: ESXi is only affected by Spectre, and all patches for ESXi 5.5 and above have been released. Removed due to the retraction of code instructed by Intel; check the update below. ESXi is NOT affected by Meltdown as it does not have untrusted user ac...