Public Posting of VMware ESX Source Code Discovered

By Stephen Kilcoyne
Posted in Virtualization
On April 26, 2012

On Tuesday, April 23, according to this VMware Security Note, VMware's “security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future." The code dates back to the 2003-2004 timeframe, and VMware is conducting an investigation.


There is no indication that VMware customers should be concerned of any increased risk at this time. We will continue to keep tabs on the situation, and if and when further information comes to light, provide updates accordingly.


No immediate actions are recommended in relation to this situation. But, as with all infrastructure software, it is important for system stability and security that ESX be patched regularly and kept up to date. Contact your Gotham Account Manager for information on how we can help assess the current state of your VMware environment.



Update: Yesterday, VMware announced, via this Security Note, the release of patches addressing "specific product releases that may be exposed to increased risk." The following links can help customers "determine if appropriate patches are available for products in their environment": and

Stephen Kilcoyne

Stephen Kilcoyne

Steve has more than 20 years’ experience in technical and business communications, as a writer, editor, and trainer. Steve manages Gotham’s overall documentation and communication efforts (including this blog).