VMware fixes three zero-day bugs exploited at Pwn2Own 2024

VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest. The most severe flaw patched today is CVE-2024-22267, a use-after-free flaw in the vbluetooth device demoed by the STAR Labs SG and Theori teams. “A malicious actor with local administrative privileges on …

VMware urges admins to remove deprecated, vulnerable auth plug-in

VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched. The vulnerable VMware Enhanced Authentication Plug-in (EAP) enables seamless login to vSphere’s management interfaces via integrated Windows Authentication and Windows-based smart card functionality on Windows client systems. VMware …

Chinese hackers exploit VMware bug as zero-day for two years

A Chinese hacking group has been exploiting a critical vCenter Server vulnerability (CVE-2023-34048) as a zero-day since at least late 2021. The flaw was patched in October, with VMware confirming this Wednesday that it’s aware of CVE-2023-34048 in-the-wild exploitation, although it didn’t share any other details on the attacks. However, as security firm Mandiant revealed …

VMware confirms critical vCenter flaw now exploited in attacks

VMware has confirmed that a critical vCenter Server remote code execution vulnerability patched in October is now under active exploitation. vCenter Server is a management platform for VMware vSphere environments that helps administrators manage ESX and ESXi servers and virtual machines (VMs). “VMware has confirmed that exploitation of CVE-2023-34048 has occurred in the wild,” the …

VMware fixes critical Cloud Director auth bypass unpatched for 2 weeks

VMware has fixed a critical authentication bypass vulnerability in Cloud Director appliance deployments, a bug that was left unpatched for over two weeks since it was disclosed on November 14th. Cloud Director is a VMware platform that enables admins to manage data centers spread across multiple locations as Virtual Data Centers (VDC). The auth bypass security …

Microsoft fixes Windows Server VMs broken by October updates

Microsoft fixed a known issue causing blue screens and boot failures in Windows Server 2022 virtual machines (VMs) deployed on VMware ESXi hosts. Windows admins first reported experiencing VM start issues after deploying last month’s KB5031364 cumulative update. The company confirmed the issue days later, saying it only affects guest VMs on VMware …

VMware discloses critical VCD Appliance auth bypass with no patch

VMware disclosed a critical and unpatched authentication bypass vulnerability affecting Cloud Director appliance deployments. Cloud Director enables VMware admins to manage their organizations’ cloud services as part of Virtual Data Centers (VDC). The auth bypass security flaw only affects appliances running VCD Appliance 10.5 that were previously upgraded from an older release. The company also added …

Microsoft shares temp fix for broken Windows Server 2022 VMs

Microsoft publicly acknowledged a known issue causing Windows Server 2022 virtual machine (VM) blue screens and boot failures on VMware ESXi hosts. Windows admins reported experiencing VM start failures after installing the KB5031364 October 2023 cumulative update. Now, Redmond has confirmed these ongoing issues, saying that they affect only VMware …

VMware fixes critical code execution flaw in vCenter Server

VMware issued security updates to fix a critical vCenter Server vulnerability that can be exploited to gain remote code execution on vulnerable servers. vCenter Server is the central management hub for VMware’s vSphere suite, and it helps administrators manage and monitor virtualized infrastructure. The vulnerability (CVE-2023-34048) was reported by Grigory Dorodnov of Trend Micro’s Zero …

VMware warns admins of public exploit for vRealize RCE flaw

VMware warned customers on Monday that proof-of-concept (PoC) exploit code is now available for an authentication bypass flaw in vRealize Log Insight (now known as VMware Aria Operations for Logs). “Updated VMSA to note that VMware has confirmed that exploit code for CVE-2023-34051 has been published,” the company said in an update to the original …