A VMware security vulnerability has been exploited by Chinese cyberspies since late 2021, according to Mandiant, in what has been a busy week for nation-state espionage news.
On Friday VMware confirmed CVE-2023-34048, a critical out-of-bounds write flaw in vCenter Server, was under active exploitation.
VMware did not respond to The Register's inquiries about the scale of the years-long exploitation or who was behind the attacks.
In June 2023, VMware fixed an authentication bypass vulnerability in VMware Tools that affected ESXi hypervisors - but not before UNC3886 had found and exploited the hole.
Mandiant is attributing intrusions via the vCenter Server hole to Beijing's spies after spotting similarities between those attacks and the ones against VMware Tools in June 2023.
Whether vSphere or VMware Tools was being exploited, the code failed in the same way, which led Mandiant to conclude, based on this shared modus operandi, that the same group was behind both sets of attacks.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/20/chinese_russia_vmware_microsoft/
Related news
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Microsoft confirms Windows Server 2025 blue screen, install issues (source)
- Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools (source)
- Microsoft fixes bugs causing Windows Server 2025 blue screens, install issues (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
- Warning: VMware vCenter and Kemp LoadMaster Flaws Under Active Exploitation (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-25 | CVE-2023-34048 | Out-of-bounds Write vulnerability in VMware vCenter Server. vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write, potentially leading to remote code execution. | 9.8 |