The Cyber Security News


VMware Patches Important Bug Affecting ESXi, Workstation and Fusion Products

January 6, 2022

VMware has shipped updates to Workstation, Fusion, and ESXi products to address an "important" security vulnerability that could be weaponized by a threat actor to take control of affected systems.

The issue relates to a heap-overflow vulnerability, tracked as CVE-2021-22045 (CVSS score: 7.7), that, if successfully exploited, results in the execution of arbitrary code. The company credited Jaanus Kääp, a security researcher with Clarified Security, for reporting the flaw.


“A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine,” VMware said in an advisory published on January 4.


The flaw impacts ESXi versions 6.5, 6.7, and 7, Workstation versions 16.x, and Fusion versions 12.x, with the company yet to release a patch for ESXi 7. In the interim, the company is recommending that users disable all CD-ROM/DVD devices on all running virtual machines to prevent any potential exploitation:

  • Log in to a vCenter Server system using the vSphere Web Client.
  • Right-click the virtual machine and click Edit Settings.
  • Select the CD/DVD drive, uncheck “Connected” and “Connect at power on”, and remove any attached ISOs.

With VMware’s virtualization solutions widely deployed across enterprises, it is no surprise that its products have emerged as a popular choice for threat actors to stage a multitude of attacks against vulnerable networks. To mitigate the risk of infiltration, it is recommended that organizations move quickly to apply the necessary updates.



Some parts of this article are sourced from:
thehackernews.com
