VMware fixes bad patch for critical vCenter Server RCE flaw

October 22, 2024 at 10:13AM

VMware has issued a critical security update for CVE-2024-38812, a remote code execution vulnerability in vCenter Server that was inadequately addressed in September 2024. Users must apply the new patches for vCenter 7.0.3, 8.0.2, and 8.0.3 urgently, as no effective workarounds exist.

### Meeting Notes Takeaways:

1. **Security Update Release**: VMware released a new security update for CVE-2024-38812, a critical remote code execution vulnerability in the vCenter Server that was not fully addressed in the previous patch from September 2024.

2. **Vulnerability Details**:
   - **Severity**: Rated critical (CVSS v3.1 score: 9.8).
   - **Nature**: Caused by a heap overflow in vCenter’s implementation of the DCE/RPC protocol, affecting vCenter Server and related products like vSphere and Cloud Foundation.
   - **Exploitation**: No user interaction required; remote code execution can be triggered by specially crafted network packets.

3. **Discovery and Related Flaw**:
   - Discovered by TZL security researchers at China’s 2024 Matrix Cup hacking contest.
   - They also reported CVE-2024-38813, a high-severity privilege escalation vulnerability related to vCenter.

4. **Patch Recommendations**:
   - New patches issued for **vCenter** versions 7.0.3, 8.0.2, and 8.0.3.
   - Previous patches from September 17, 2024, were deemed incomplete in addressing CVE-2024-38812.
   - Customers are strongly urged to apply the new patches listed in VMware’s Response Matrix.

5. **Older Product Versions**: Versions past their end-of-support, such as vSphere 6.5 and 6.7, are impacted but will not receive updates.

6. **No Workarounds**: There are no known workarounds available for these vulnerabilities, making it imperative for users to apply updates urgently.

7. **Exploitation Status**: VMware has not received reports of exploitation of these vulnerabilities as of the current date.

8. **Increased Risk Awareness**: Users should act quickly as threat actors often exploit VMware vCenter vulnerabilities to gain access to systems.

9. **Further Information**: A Q&A document is available for additional clarification on these vulnerabilities and updates.

### Action Items:
- Ensure all relevant VMware vCenter updates are applied immediately.
- Review the Q&A document for further understanding of the vulnerabilities.
- Monitor for any emerging threats or exploitation attempts related to these vulnerabilities.
