Security News

Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now
2021-02-24 09:35

VMware has addressed multiple critical remote code execution vulnerabilities in the VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems. The vulnerability, tracked as CVE-2021-21972, has a CVSS score of 9.8 out of a maximum of 10, making it critical in severity.

VMware Fixes Critical Flaw in ESXi Hypervisor
2020-11-20 20:18

VMware has hurried out fixes for a critical flaw in its ESXi hypervisor, a few weeks after it was found during China's Tianfu Cup hacking competition. 360 ESG Vulnerability Research Institute is the only team to run the entry on VMware ESXi today.

VMWare releases fix for critical ESXi, Workstation vulnerability
2020-11-20 13:22

VMware has released security updates to fix critical and high severity vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation, allowing for code execution and privilege escalation. One of the security bugs, with a critical severity rating and tracked as CVE-2020-4004, allows attackers with local administrative privileges on a virtual machine to abuse a use-after-free vulnerability in the XHCI USB controller of VMware ESXi, Workstation, and Fusion.

VMware patches serious vulnerabilities in ESXi hypervisor, SD-WAN Orchestrator
2020-11-20 11:39

VMware has patched critical vulnerabilities affecting its ESXi enterprise-class hypervisor and has released a security update for its SD-WAN Orchestrator, plugging a handful of serious security holes. Vulnerabilities in ESXi hypervisor exploited during a hacking competition.

Chinese hacking competition cracks Chrome, ESXi, Windows 10, iOS 14, Galaxy 20, Qemu, and more
2020-11-09 07:11

In 1965, Gordon Moore published a short informal paper, Cramming more components onto integrated circuits. In it, he noted that in three years, the optimal cost per component on a chip had dropped by a factor of 10, while the optimal number had increased by the same factor, from 10 to 100.

VMware Issues Updated Fix For Critical ESXi Flaw
2020-11-04 16:17

VMware issued an updated fix for a critical-severity remote code execution flaw in its ESXi hypervisor products. "Updated patch versions in the response matrix of section 3a after release of ESXi patches that completed the incomplete fix for CVE-2020-3992 on 2020-11-04," said Oracle's updated advisory.

Patch for Critical VMware ESXi Vulnerability Incomplete
2020-11-04 16:02

VMware on Wednesday informed customers that it has released new patches for ESXi after learning that a fix made available last month for a critical vulnerability was incomplete. VMware said the attacker needs to be on the management network and have access to port 427 on an ESXi machine in order to exploit the flaw.

VMware Patches Critical Code Execution Vulnerability in ESXi
2020-10-21 14:45

VMware this week informed customers that it has patched several vulnerabilities in its ESXi, Workstation, Fusion and NSX-T products, including a critical flaw that allows arbitrary code execution. VMware pointed out that the attacker needs to be on the management network and have access to port 427 on an ESXi machine in order to exploit the vulnerability.

VMware patches, among other things, ESXi flaw that can be abused by miscreants on the network to hijack hosts
2020-10-20 20:14

Sysadmins responsible for VMware deployments should test and apply the latest security updates for the software. In an advisory published this morning, VMware revealed six vulnerabilities affecting its ESXi, Workstation, Fusion, Cloud Foundation, and NSX-T products.

VMware Patches ESXi Vulnerability That Earned Hacker $200,000
2019-12-06 06:43

VMware on Thursday informed customers that it has released patches for a critical remote code execution vulnerability in ESXi that was disclosed recently at the Tianfu Cup hacking competition in...