Posts

Showing posts with the label vulnerability

VMSA-2024-0006 USB and Out-of-bounds write vulnerability

VMware has released important patches based on the advisory affecting all of its hypervisors, including ESXi and the desktop hypervisors, i.e. Workstation and Fusion, which contain vulnerabilities that have a CVSSv3 score of 7.1-9.3. Most of those listed are USB related. Most of this might not affect ESXi, since most hosts do not use a USB controller, but it matters more for the desktop hypervisors. Patches are released for ESXi 7 and 8, Workstation 17 and Fusion 13. And since this is of critical severity, VMware has released patches for the out-of-support ESXi 6.5U3v and 6.7U3u for customers on extended support. This also includes VCF 3.x, which happens to run such versions of ESXi.  I hope everyone has upgraded, as a best practice, to at least ESXi 7 to avoid the situation where you are not on support and yet running critical workloads. If you are still on ESXi 6.5U3v and ESXi 6.7U3u, I would assume you have extended support to tide you through. Do note that if you manage to get the patches from other source wi...

Vulnerability Alert: VMware Carbon Black App Control

VMware has released a security advisory on a vulnerability in VMware Carbon Black App Control. This comes with a CVSSv3 score of 9.1. It allows an attacker to gain privileged access to the operating system that Carbon Black App Control is running on. The fix has been prompt and is readily available for download.  It is recommended to patch this if you are using this product. Refer to https://www.vmware.com/security/advisories/VMSA-2023-0004.html for more information.

vRealize Log Insight Security Vulnerability

A happy new year to everyone. Hopefully this year will be a great year for everyone. To start off my first blog article of the year, I want to bring attention to vRealize Log Insight, which needs to be updated to fix the latest vulnerabilities, particularly two of which have a CVSSv3 rating of 9.8. Though there is no report of any security-related incident due to these vulnerabilities, it is still highly recommended to patch the tool before anything happens. It is also great to see VMware being active in identifying the issues and releasing the patch before any report of such an incident actually happens. Do check out VMSA-2023-0001 to read more about the two which have the 9.8 rating score.

Major Vulnerability for VMware Workspace One Access

If you have not been following, here is an article published today at the same time as the release of VMSA-2022-0014, which carries CVSSv3 ratings between 7.8 and 9.8. This impacts the use of Workspace One Access on its own in Workspace One or together with other products such as vRA, VCF, and vRSLCM. It is recommended and advised to patch this immediately.

VMware Identity Manager (vIDM) Vulnerability Alert!

If you are running VMware Identity Manager (vIDM), which comes from Workspace One and is known as Workspace One Access, or is in vRealize Automation (vRA), this is something you need to take note of and act on right now. A security advisory with a CVSSv3 rating of more than 9 has been released and it is best to update to the fixed version. Since this is used for SSO access and many users will be leveraging it, it is best to apply the fix at the soonest to avoid serious impact. Refer to VMSA-2022-001.

VMware Vulnerability for Carbon Black App Control

VMware just released a security advisory, VMSA-2022-0008, on VMware Carbon Black App Control with a CVSSv3 rating of 9.1. This addresses two CVEs, CVE-2022-22951 and CVE-2022-22952. Both CVEs are addressed via the released patch. As always, do apply it at the soonest.

VMware Security Vulnerability Feb 2022

Two security advisories were sent out on Tuesday, 15th Feb. One mainly affects virtualization platforms such as ESXi, Workstation, Fusion and Cloud Foundation, while the other impacts NSX-V and Cloud Foundation deployments that contain NSX-V. Both advisories contain vulnerabilities that have a CVSSv3 score of more than 8, except for one in the first advisory, at the time of writing. Check back on the advisories for the updated fix once available. The good news is that all fixes are now available, except that the one for Cloud Foundation for CVE-2022-22945 is pending. Below are the security advisories with their respective CVEs.

VMSA-2022-0004
Use-after-free vulnerability in XHCI USB controller (CVE-2021-22040) - 8.4
Double-fetch vulnerability in UHCI USB controller (CVE-2021-22041) - 8.4
ESXi settingsd unauthorized access vulnerability (CVE-2021-22042) - 8.2
ESXi settingsd TOCTOU vulnerability (CVE-2021-22043) - 8.2
ESXi slow HTTP POST denial of service vulnerability (CVE-2021-22050) - 5.3

VMSA-2022-00...

VMware Just Announced VMSA-2021-0028 with a CVSSv3 Score of 10

Early this morning, 11th Dec 2021, SGT, VMware released a security advisory announcement, VMSA-2021-0028, regarding a critical vulnerability in Apache Log4j identified by CVE-2021-44228 with a full CVSSv3 score of 10. VMware immediately worked on several of the affected products with workarounds or patches. As this is a full score rating, we are likely to see VMware update workarounds at least and release patches in the next few days. Do check back on the page to see more updates. Do note that this is not a vulnerability specific to VMware. This is an Apache vulnerability. It affects all solutions that use Apache. So do check your environment and ensure all solutions used in it that contain Apache Log4j are worked on. A FAQ site has also been released for those with questions regarding this. If you are not aware, do subscribe to VMware Security Advisories.

Critical VMware vCenter Server VMSA-2021-0020

A critical vulnerability has been announced by VMware in regard to vCenter Server, found in versions 6.5, 6.7 and 7.0. The security advisory can be found here. It bears a CVSSv3 rating of 9.8. A list of FAQs has also been released for any questions pertaining to this vulnerability. You can also join the community discussion regarding this vulnerability here. It is highly recommended to stay up to date by subscribing to the security advisory alerts. Note that this vulnerability consists of several parts, and each affects either all versions of vCenter Server or only some of them. It is highly critical and recommended to patch this immediately. As a user of VMware Cloud on AWS (VMC), it is great to receive notice that the vCenter Server has been addressed in regard to this vulnerability.

August pack of things: Security Vulnerabilities, VMware Expert 2021, VMworld 2021, and more

Critical Security Vulnerability Workspace One Access and vRealize Automation

VMware has released a security notice, VMSA-2021-0016, in regard to Workspace One Access (WOA), i.e. VMware Identity Manager (vIDM), with a CVSSv3 base score of 8.6. It is encouraged to apply the patch or workaround as soon as possible. This also applies to vRealize Automation that has embedded vIDM, aka WOA.

Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975)

This impacts vRealize Operations Manager, which can be a standalone product, part of VMware Cloud Foundation or vCloud Suite, or deployed by vRealize Suite Lifecycle Manager. It has a CVSSv3 base score of 8.6, which is highly critical. This allows an authenticated user, via the vROps API, to write files directly to the underlying OS, Photon.

VMware vExpert 2021 Second Half

Congrats to all new vExpert 2021 from the Second Half announcement. It is not easy to have such a big community with everyone contributing wit...

vExpert, VMworld, Vulnerability on vCenter. A month to sum it up.

After changing my role as previously mentioned, it has taken some time off my blogging time. Still, I want to pen down some important things that one should be looking at.

vExpert Application

If you are looking to renew vExpert and missed the deadline earlier in the year, or are not already a vExpert, the second half application is now open. Check out my post and I hope it helps. Sign up now, until 9th July when it closes.

VMworld 2021

Yes, the registration for VMworld 2021 is now open. Do sign up now to avoid disappointment.

vCenter Vulnerability

https://www.vmware.com/security/advisories/VMSA-2021-0010.html

If you have not been getting notified, you should be worried whether or not your vCenter Server is internet facing. This is a very critical vulnerability as it has a CVSS score of 9.8/10. Make sure you get it patched. This is an issue affecting the way vSAN plugin validation and authentication with vCenter Server via vSphere Client (HTML5). vCenter Server version 6.5 and above are ...

CVE-2020-4006 - Command Injection

Important alert on CVE-2020-4006, as documented here, which has a maximum CVSSv3 base score of 7.2 and was discovered on 23rd Nov 2020. A workaround was first provided to mitigate this risk; now a fix is available. In summary, this vulnerability allows an attacker who has got hold of the configuration admin account for the affected products to execute commands. The configuration admin account password is set at the time of deployment.

Affected Products:
VMware Workspace One Access (Access)
VMware Workspace One Access Connector (Access Connector)
VMware Identity Manager (vIDM)
VMware Identity Manager Connector (vIDM Connector)
VMware Cloud Foundation
vRealize Suite Lifecycle Manager

If you are using any of the affected products, do take some time to remediate this as soon as possible.

VMware Security Advisories

If you are new to VMware or not aware, VMware has a Security Advisories page that publishes any new vulnerabilities found in any of its products, including VMware Fusion and Workstation. In fact, to keep yourself updated, it is good to subscribe to such new notices.  Just head over to the page to subscribe. Just yesterday, 15th Sept, there was a critical vulnerability notice which affects ESXi 6.5 (not the Update 1). It is always good to stay up to date and apply such critical patches as soon as you can.

vSphere Security Concerns (source code leak)

Recently many news channels have had articles on the code leak, and you can see the official announcement here.  VMware has also released patches ahead of the patch cycle, as documented here. Many users asked about the concerns they have.  First and foremost, won't open source also be a concern if we were to use it as well? Every organization would have in place certain regulations and policies for its infrastructure, be it hardening, keeping patches up to date, firewalls, etc.  If these are being followed and compliance is maintained, is there much of a concern really? One article from Michael White, a VCDX, makes really good sense and I encourage you to have a read. This single file from ESX code dating to 2004 was leaked, and I wonder how many vulnerabilities were not discovered through VMware's regular patches until now, 8 years later.  If any of the environments are still vulnerable due to this leak, this will be disastrous and it can only see how back dated the servers are not keep ...