Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
VMware Sounds Ransomware Alarm Over Critical Severity Bug
#1
Information 
Quote:VMware patched a critical bug impacting its vCenter Server platform with a severity rating of 9.8 out of 10. The company said the flaw could allow a remote attacker to exploit its products and take control of a company’s affected system.
 
VMware went a step further on Tuesday, calling on IT security teams – already on high alert over an uptick in costly and destructive ransomware attacks – to patch systems fast. “In this era of ransomware it is safest to assume that an attacker is already inside the network somewhere, on a desktop and perhaps even in control of a user account, which is why we strongly recommend declaring an emergency change and patching as soon as possible,” wrote VMware’s Bob Plankers, technical marketing architect in a Tuesday post.
 
The vulnerability, tracked as CVE-2021-21985, impacts vCenter Server platforms, which is in widespread use and used to administer VMware’s market leading vSphere and ESXi host products.
 
Claire Tills, a senior research engineer with Tenable wrote in a post commenting on the bug, “patching these flaws should be a top priority. Successful exploitation would allow an attacker to execute arbitrary commands on the underlying vCenter host.”
 
Tills note exploiting the vulnerability is trivial. All an attacker would need to do is be able to access vCenter Server over port 443, she wrote. “Even if an organization has not exposed vCenter Server externally, attackers can still exploit this flaw once inside a network.”

Read more: VMware Sounds Ransomware Alarm Over Critical Severity Bug | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AWZ Screen Recorder
AWZ Screen Recorder ...zevish — 11:05
Website X5 Go 2024.1
Website X5 Go 2024.1...zevish — 09:32
Apple's rules to allow third-party app ...
Apple has announ...alison30 — 09:28
Intel: Microsoft AI PCs need a Copilot K...
Microsoft hopes th...harlan4096 — 08:55
Synchredible 8 Professional Edition v8.2...
          Synchredib...zevish — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>