Security News
VMware has urged customers to immediately patch a critical vulnerability affecting vCenter Server, the management interface for vSphere environments. According to VMware, the vulnerability impacts the vSphere Client, specifically the Virtual SAN Health Check plugin, which is enabled by default in vCenter Server even if the plugin is not actually being used.
VMware has patched two vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation and is urging administrators to implement the offered security updates as soon as possible. The first one would allow attackers to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server, while the second one may allow them to perform actions allowed by the impacted plug-ins - Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, VMware Cloud Director Availability - without authentication.
VMware has revealed a critical bug that can be exploited to achieve unauthenticated remote code execution in the very core of a virtualised system - vCenter Server. The culprit is the vSphere HTML5 client, which by default includes the Virtual SAN Health plugin - even if you don't run a VMware VSAN. That plugin lacks input validation and the result, as explained by VMware's advisory this week, is: "A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server."
VMware has rolled out patches to address a critical security vulnerability in vCenter Server that could be leveraged by an adversary to execute arbitrary code on the server. VMware vCenter Server is a server management utility that's used to control virtual machines, ESXi hosts, and other dependent components from a single centralized location.
VMware urges customers to patch a critical remote code execution vulnerability in the Virtual SAN Health Check plug-in that impacts all vCenter Server deployments. vCenter Server is a server management solution that helps IT admins manage virtual machines and virtualized hosts within enterprise environments via a single console.
VMware believes the answer is not some new security product or feature, or a different type of analytics. What's needed are structural and architectural changes to how organizations approach security.
An industry veteran, Raghuram is a strategic business leader who currently holds the position of Executive Vice President and Chief Operating Officer, Products and Cloud Services at VMware. "I am thrilled to have Raghu step into the role of CEO at VMware. Throughout his career, he has led with integrity and conviction, playing an instrumental role in the success of VMware," commented Michael Dell, chairman of the VMware Board of Directors.
VMware has patched another critical vulnerability reported by Positive Technologies, a Russian cybersecurity firm that was sanctioned recently by the United States. Positive Technologies is one of the several Russian tech firms sanctioned in April by the U.S. for allegedly supporting Kremlin intelligence agencies.
VMware has released security updates to address a critical severity vulnerability in vRealize Business for Cloud that enables unauthenticated attackers to remotely execute malicious code on vulnerable servers. vRealize Business for Cloud is an automated cloud business management solution designed to provide IT teams with cloud planning, budgeting, and cost analysis tools.
That's why VMware is announcing VMware Telco Cloud Platform RAN. It is a platform that enables CSPs to virtualize radio access network functions and implement an open RAN architecture. "With Telco Cloud Platform RAN, we accelerate the disaggregation of the proprietary RAN and enable CSPs to modernize their RAN so they can monetize the 5G services they deliver across their network."