VMware Warns of Ransomware-Friendly Bug in vCenter Server
2021-09-22 16:17

VMware has released a security update that includes patches for 19 CVE-numbered vulnerabilities that affect the company's vCenter Server virtualization management platform and its hybrid Cloud Foundation platform for managing VMs and orchestrating containers.

"This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server," said Bob Plankers, Technical Marketing Architect at VMware.

The security update addresses flaws in vCenter Server 6.5, 6.7, and 7.0.

If a phishing attack has compromised one or more accounts, it means that the attacker "may already be able to reach vCenter Server from inside a corporate firewall, and time is of the essence," VMware stressed.

Other security controls that can help to protect users' networks until they can patch include using network perimeter access controls or the vCenter Server Appliance firewall to curtail access to the vCenter Server management interfaces.

Greg Fitzgerald, co-founder of the cybersecurity firm Sevco Security, noted that vulnerabilities such as this one point to the need to go far beyond patching this vCenter bug.


News URL

https://threatpost.com/vmware-ransomware-bug-vcenter-server/174901/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
VMware 146 11 222 256 102 591