
Security Vulnerability Alert: VMware
A security vulnerability was recently discovered in VMware applications.
Impacted Products: VMware vCenter Server (vCenter Server) & VMware Cloud Foundation (Cloud Foundation)
What is the issue?
A VMware advisory has stated that vCenter machines using default configurations have a bug that, in many networks, allows for the execution of malicious code when the machines are reachable on a port that is exposed to the Internet.
VMware urges immediate patching.
What is the risk?
The vulnerabilities can be exploited by malicious actors with access to the network. There is risk to the operating systems that host vCenter Server, and the flaws also allow activities to take place without authentication on Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager and VMware Cloud Director Availability.
What should I do?
The link below contains tips for patching, and the company has also published a Q&A document regarding the flaws and their remediation. While workarounds are available, VMware states that implementing the security updates is the better option.