During our internal tech brief, Tim Husar brought to everyone’s attention a new vulnerability announced by VMware. This critical issue is an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. VMware has evaluated the severity of this issue to be in the Critical Severity Range with a maximum CVSSv3 base score of 9.8. The out-of-bounds write could allow a malicious actor to execute code remotely.
The issue affects most versions of vCenter in production, and VMware has issued patches for all of these systems. VMware has even taken steps to issue updates to End of Support versions such as 6.5 and 6.7. (If you are still running 6.0 – I mean – it’s probably time to speak to us about our Managed Services offerings!)
For a full breakdown of the vulnerability and links to patches, please visit the VMware release blog here.
Stay Safe out there!