Security News

VMware has released fixes for ten vulnerabilities, including CVE-2022-31656, an authentication bypass vulnerability affecting VMware Workspace ONE Access, Identity Manager and vRealize Automation, which the company considers critical and advises to patch or mitigate immediately.CVE-2022-31656 is an authentication bypass vulnerability affecting local domain users on VMware Workspace ONE Access, Identity Manager and vRealize Automation, that may allow an attacker with network access to the UI to obtain administrative access without the need to authenticate first.

Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The most severe of the flaws is CVE-2022-31656, an authentication bypass vulnerability affecting local domain users that could be leveraged by a bad actor with network access to obtain administrative access.

VMware has fixed a critical authentication bypass vulnerability that hits 9.8 out of 10 on the CVSS severity scale and is present in multiple products. The critical vulnerability is similar to, or perhaps even a variant or patch bypass of, an earlier critical authentication bypass vulnerability that also rated 9.8 in severity and VMware fixed back in May. Shortly after that update was issued, CISA demanded US government agencies pull the plug on affected VMware products if patches can't be applied.

VMware has warned admins today to patch a critical authentication bypass security flaw affecting local domain users in multiple products and enabling unauthenticated attackers to gain admin privileges. "This critical vulnerability should be patched or mitigated immediately per the instructions in VMSA," VMware warned.

Eight months after disclosing a high-severity privilege escalation flaw in vCenter Server's IWA mechanism, VMware has finally released a patch for one of the affected versions. Successful exploitation enables attackers with non-administrative access to unpatched vCenter Server deployments to elevate privileges to a higher privileged group.

A new ransomware operation called RedAlert, or N13V, encrypts both Windows and Linux VMWare ESXi servers in attacks on corporate networks. The Linux encryptor is created to target VMware ESXi servers, with command-line options that allow the threat actors to shut down any running virtual machines before encrypting files.

The Cybersecurity and Infrastructure Security Agency and Coast Guard Cyber Command released a joint advisory warning the Log4Shell flaw is being abused by threat actors that are compromising public-facing VMware Horizon and Unified Access Gateway servers. The VMware Horizon is a platform used by administrators to run and deliver virtual desktops and apps in the hybrid cloud, while UAG provides secure access to the resources residing inside a network.

If your organization is running VMware Horizon and Unified Access Gateway servers and you haven't implemented the patches or workarounds to fix/mitigate the Log4Shell vulnerability in December 2021, you should threat all those systems as compromised, the Cybersecurity and Infrastructure Security Agency has advised on Thursday. According to the CISA, cyber threat actors, including state-sponsored advanced persistent threat actors, have continued to exploit Log4Shell in unpatched, internet-facing VMware Horizon and Unified Access Gateway servers to obtain initial access to organizations.

The U.S. Cybersecurity and Infrastructure Security Agency, along with the Coast Guard Cyber Command, on Thursday released a joint advisory warning of continued attempts on the part of threat actors to exploit the Log4Shell flaw in VMware Horizon servers to breach target networks. "Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched, public-facing VMware Horizon and servers," the agencies said.

CISA warned today that threat actors, including state-backed hacking groups, are still targeting VMware Horizon and Unified Access Gateway servers using the Log4Shell remote code execution vulnerability. Attackers can exploit Log4Shell remotely on vulnerable servers exposed to local or Internet access to move laterally across networks until they gain access to internal systems containing sensitive data.