DHS orders federal agencies to patch VMware bugs within 5 days
The Department of Homeland Security's cybersecurity unit ordered Federal Civilian Executive Branch agencies today to urgently update or remove VMware products from their networks by Monday due to an increased risk of attacks.
In April, VMware patched another set of critical vulnerabilities, a remote code execution bug and a 'root' privilege escalation in VMware Workspace ONE Access and VMware Identity Manager.
While today's VMware bugs are not yet exploited in the wild, attackers started exploiting the ones fixed in April within 48 hours, after reverse-engineering the update, to deploy coinminers and install backdoors.
CISA determined that all these security flaws pose an unacceptable risk to federal agencies and has ordered them to take emergency action and patch CVE-2022-22972 and CVE-2022-22973 within 5 days, by May 23.
- Find all impacted VMware products on their networks and deploy updates or remove them from the network until they can be patched.
- Assume compromise for all Internet-exposed impacted VMware products, conduct threat hunt activities, and report any anomalies to CISA.
- By 12 PM EDT on Tuesday, all agencies should report the status of all VMware instances found on their networks using Cyberscope.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-20 | CVE-2022-22973 | Unspecified vulnerability in VMware products. VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. | 7.8 |
2022-05-20 | CVE-2022-22972 | Unspecified vulnerability in VMware products. VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. | 9.8 |