Security Alert from G DATA: Vulnerability in VMware ESXi – patch urgently required!



February 6, 2023



Cyber Security

A critical security vulnerability in VMware’s virtualisation platform is currently being actively exploited to attack server systems around the world. A patch for the two-year-old vulnerability is available and should be installed immediately.
Just in time for the weekend, the French CERT (CERT-FR), among others, reported a wave of attacks against systems running VMware ESXi versions 6.5.x, 6.7.x and 7.x (details on the VMware website). The explosive aspect is that the security vulnerability with the identifier CVE-2021-21974 has already been known and patched for two years. The attacks are therefore specifically directed against unpatched systems. The vulnerability has a criticality value of 9.8 – the highest possible number is 10. So it doesn’t get much more critical than that.

Immediate measures
On successfully attacked systems, the Nevada ransomware is installed, which, among other things, encrypts the virtual hard disks of guest systems (file extensions *vmdk, *vmx, *vmsd and others). “Anyone who has not yet installed the patches should take action here as soon as possible,” says Tim Berghoff, Security Evangelist at G DATA CyberDefense AG. “Encrypted systems sometimes cause outages, among others at an Italian telecommunications provider.”

To block attacks, at least for the time being, it is recommended to deactivate the SLP protocol on unpatched hypervisor systems. This requires the following commands in the shell:

Detailed information can be found in the VMware Knowledge Base.

“Even if there are no recognisable signs of an attack, it is worth looking for IoC (Indicators of Compromise),” advises Berghoff.

Legacy attacks take bitter revenge
This current wave of attacks shows once again how important it is to install patches. Even an old security hole can become a problem – sometimes only years later, as in this case. There are enough examples of this. One of the most famous examples, where home users were also affected, is WannaCry. The underlying vulnerability had already been known and patched for a quarter of a year at the time of the outbreak.

https://www.vmware.com/security/advisories/VMSA-2021-0002.html

VdS draft guideline for gluing systems for banknote neutralization

Sep 23, 2023

VdS Schadenverhütung GmbH has released the draft of VdS 6040-1 "VdS Guidelines for Banknote Security Systems - Gluing Systems for Banknote Neutralization" for public consultation These guidelines contain requirements for gluing systems with active application of the...

Interior Minister Peter Beuth: “Federal government must ensure order and limit migration”

Sep 22, 2023

B-IMK: Union interior ministers demand order and limitation of migration from federal government In view of the further increase in the number of arrivals in Germany, the interior ministers of the CDU/CSU demand that the federal government take sustainable measures to...

Munich Federal Police Headquarters: Increased Wiesn operations for the Federal Police due to acts of violence

Sep 22, 2023

On 21 September, several assaults and acts of resistance were committed against federal police officers, as well as other acts in connection with Wiesn travellers. Shortly after midnight, two men clashed on the mezzanine floor of Munich Central Station. A 23-year-old...

February 6, 2023

Cyber Security

Related Articles

VdS draft guideline for gluing systems for banknote neutralization

Interior Minister Peter Beuth: “Federal government must ensure order and limit migration”

Munich Federal Police Headquarters: Increased Wiesn operations for the Federal Police due to acts of violence

Sitemap

Information

Newsletter Sign Up

Thank you!