Security News > 2022 > January > VMware: Patch Horizon servers against ongoing Log4j attacks!
VMware urges customers to patch critical Log4j security vulnerabilities impacting Internet-exposed VMware Horizon servers targeted in ongoing attacks.
Microsoft also warned two weeks ago of a Chinese-speaking threat actor tracked as DEV-0401 who deploys Night Sky ransomware on Internet-exposed VMware Horizon servers using Log4Shell exploits.
In an email to Bleeping Computer today, VMware said they are strongly urging customers to patch their Horizon servers to defend against these active attacks.
VMware's call to action follows a similar warning issued last week by the Netherlands' National Cybersecurity Centre, urging Dutch organizations to remain vigilant in the face of ongoing threats represented by Log4j attacks.
According to Shodan, there are tens of thousands of Internet-exposed VMware Horizon servers, which all need to be patched against Log4j exploitation attempts.
"VMware strongly recommends that customers visit VMSA-2021-0028 and apply the guidance for Horizon. VMware prioritizes the security of our customers as we continue to respond to the industry-wide impact of the Apache Log4j vulnerabilities."
News URL
Related news
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Week in review: Critical VMware vCenter Server bugs fixed, Apple releases iOS 18 (source)
- 'Patch yesterday': Zimbra mail servers under siege through RCE vuln (source)
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- Emergency patch: Cisco fixes bug under exploit in brute-force attacks (source)
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE (source)