VMware Critical Vulnerabilities (September 2021)
Deja vu again! New additional Critical severity vulnerabilities have once again been privately reported to VMware.
Unlike previous vulnerabilities identified, only version 6.7 and 7.0 have identified as critical severity, however version 6.5 still has important vulnerabilities that need to be addressed.
This critical vulnerability means that a malicious actor with network access to port 443 on the vCenter server could exploit this to upload a special file to execute code on the vCenter Server.
VMware has offered a workaround for the critical vulnerability CVE-2021-22005, with more details about this in the KB article below:
https://kb.vmware.com/s/article/85717
However due to the temporary nature of the workaround, it is highly recommended to patch to the latest version remediating against the latest vulnerabilities.
The versions below address the identified vulnerabilities:
vCenter Server 7.0 – vCenter Server 7.0 Update 2d (7.0.2.00500), Build number: 18455184
vCenter Server 6.7 – vCenter Appliance 6.7 Update 3o (6.7.0.50000), Build number: 18485166
vCenter Server 6.5 – vCenter Server 6.5 U3q (6.5.0.37000), Build number: 18499837
More details about the advisory and associated versions can be found below:
https://www.vmware.com/security/advisories/VMSA-2021-0020.html
If you are a Perfekt Managed Services customer with VMware management included, then rest assured that by the time you read this the remediation work for your environment has already started or completed.
As always with all VMware upgrades, please remember to check that your integrated product versions are compatible with the new versions before upgrading, especially with things such as VMware SRM and their 3rd party backup products.
VMware Critical Vulnerabilities (May 2021)
It’s an almost déjà vu feeling from March this year, but there have been some additional critical security alerts sent out from VMware in the last week. These again are covering some privately reported vulnerabilities, not things seen out in the wild. They affect all currently supported versions of vCenter (6.5, 6.7 and 7.0) and have a critical severity and index associated. This time around it does only affect vCenter though, not the ESXi hosts themselves, which makes remediation more straightforward.
There have been new versions of vCenter (6.5 U3p, 6.7 U3n and 7.0 U2b) released this week which closes the potential vulnerability.
VMware has also documented workarounds for the vulnerabilities if these cannot be patched immediately. These workarounds disable the features of the products which are affected by the vulnerabilities. These are the plugins to vCenter for vSAN health checks, vROPs, Site Recovery Manager, vSphere Lifecycle Manager and vCloud Director Availability.
More information on the advisory and associated updated versions and workarounds can be found here – https://www.vmware.com/security/advisories/VMSA-2021-0010.html
If you are a Perfekt Managed Services customer with VMware management included, then rest assured that by the time you read this the remediation work for your environment has already started or completed.
As always with all VMware upgrades, please remember to check that your integrated product versions are compatible with the new versions before upgrading, especially with things such as VMware SRM and their 3rd party backup products.
VMware Critical Vulnerabilities (March 2021)
As you may have heard there have been some critical security alerts sent out from VMware in the last week. These are covering some privately reported vulnerabilities, not things seen out in the wild (yet). They affect all supported versions of vCenter and ESXi released before November/December 2020 and have a critical severity and index associated, some of the highest recorded yet.
There have been new versions of vCenter (6.5 U3n, 6.7 U3l and 7.0 U1c) released in Nov/Dec 2020 which aren’t affected and a patch released for ESXi (ESXi70U1c-17325551, ESXi670-202102401-SG and ESXi650-202102101-SG depending on ESXi version) which are recommended to be installed ASAP via Update Manager.
VMware has also documented workarounds for the vulnerabilities if these cannot be patched immediately. These workarounds disable the features of the products which are affected by the vulnerabilities. These are the vROPs plugin to vCenter (whether or not vROPS is being used) and the CIM hardware reporting in ESXi.
More information on the advisory and associated updated versions and workarounds can be found here – https://www.vmware.com/security/advisories/VMSA-2021-0002.html
As always with all VMware upgrades, please remember to check that your integrated product versions are compatible with the new versions before upgrading, especially with things such as VMware SRM and their 3rd party backup products.
