Act Now: VMware Releases Patch for Critical vCenter Server RCE Vulnerability


October 25, 2023 at 07:03AM

VMware has released security updates (advisory VMSA-2023-0023) for a critical flaw in vCenter Server that could allow remote code execution. The vulnerability, tracked as CVE-2023-34048, is an out-of-bounds write in vCenter Server's implementation of the DCE/RPC protocol; a malicious actor with network access to vCenter Server can trigger it, and its CVSS 3.1 score of 9.8 reflects that no privileges or user interaction are needed. VMware has urged customers to apply the patches without delay, since no workaround is available. A second vulnerability, CVE-2023-34056, a partial information disclosure flaw, is fixed in the same release. At the time of the advisory VMware said it was not aware of in-the-wild exploitation, but it still recommends patching promptly.

Key Takeaways:
– VMware has released security updates to address a critical flaw in vCenter Server that can lead to remote code execution.
– The flaw is an out-of-bounds write in vCenter Server's DCE/RPC protocol implementation, reachable by an attacker with network access to the server.
– It is tracked as CVE-2023-34048 with a CVSS 3.1 score of 9.8.
– Grigory Dorodnov of Trend Micro's Zero Day Initiative discovered and reported the flaw.
– There is no workaround; the only mitigation is to install the fixed releases named in the advisory (vCenter Server 8.0 U2, 8.0 U1d and 7.0 U3o, plus the corresponding VMware Cloud Foundation updates). Older update lines in the same train (for example 7.0 U2) receive no in-place fix and must be upgraded.
– Because of the severity, VMware has also issued patches for vCenter Server 6.7U3 and 6.5U3 and for VCF 3.x, even though those versions are past the end of general support.
– The second vulnerability, CVE-2023-34056 (CVSS 4.3), lets a malicious actor who already holds non-administrative privileges on vCenter Server read data they are not authorized to access.
– VMware recommends that customers apply the patches promptly.
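Because the fix is version-specific and some update lines get no in-place patch, the practical check is to map each appliance's version string to the fixed release for its train. The script below is an added example and not VMware's code: it takes the `version` field as returned by the appliance REST call `GET /api/appliance/system/version` (for example `7.0.3.01700`) and reports whether the CVE-2023-34048 fix is present. The fixed version strings it embeds (7.0.3.01700 for 7.0 U3o, 8.0.1.00400 for 8.0 U1d, 8.0.2.00000 for 8.0 U2) are this example's assumption, transcribed from the release notes of the builds named in the advisory; verify them against VMSA-2023-0023 before acting on the output. The inventory in `__main__` is constructed for illustration.

```python
"""Triage vCenter Server appliance versions for CVE-2023-34048 (VMSA-2023-0023).

Added example, not VMware's code. The fixed version strings in FIXED are an
assumption of this example; verify them against the advisory.
"""

from typing import Dict, List, Tuple

Version = Tuple[int, int, int, int]  # (major, minor, update, patch)

# Per release train: the first fixed patch level of each update line.
# Assumed values. Only the update lines listed here were patched in place;
# an older update line in the same train has no fix and must be upgraded.
FIXED: Dict[Tuple[int, int], Dict[int, int]] = {
    (7, 0): {3: 1700},       # 7.0 U3o -> 7.0.3.01700 (assumed)
    (8, 0): {1: 400, 2: 0},  # 8.0 U1d -> 8.0.1.00400, 8.0 U2 -> 8.0.2.00000 (assumed)
}

# Trains past end of general support that received an exceptional patch.
EOL_TRAINS = {(6, 5), (6, 7)}


def parse_version(text: str) -> Version:
    """Parse an appliance version such as '7.0.3.01700' into a 4-tuple.

    The last field is zero-padded in the API output; int() normalises it.
    """
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected vCenter version string: {text!r}")
    major, minor, update, patch = (int(p) for p in parts)
    return major, minor, update, patch


def cve_2023_34048_status(version_text: str) -> str:
    """Return 'patched', 'vulnerable', 'eol' or 'unknown' for one version string."""
    major, minor, update, patch = parse_version(version_text)
    train = (major, minor)
    if train in EOL_TRAINS:
        # 6.5U3/6.7U3 got an exceptional patch; the version string alone
        # does not tell you whether it has been installed, so flag for review.
        return "eol"
    lines = FIXED.get(train)
    if lines is None:
        return "unknown"
    if update in lines:
        return "patched" if patch >= lines[update] else "vulnerable"
    if update > max(lines):
        return "patched"  # an update line newer than any listed fixed one
    return "vulnerable"  # older update line: no in-place fix, upgrade required


def triage(appliance_versions: Dict[str, str]) -> Dict[str, List[str]]:
    """Group hosts by status. Input maps host name -> 'version' field from
    GET /api/appliance/system/version on each appliance."""
    grouped: Dict[str, List[str]] = {}
    for host, ver in appliance_versions.items():
        try:
            status = cve_2023_34048_status(ver)
        except ValueError:
            status = "unknown"
        grouped.setdefault(status, []).append(host)
    return grouped


if __name__ == "__main__":
    # Constructed inventory for illustration; these are not real hosts.
    inventory = {
        "vc-prod-01": "7.0.3.01600",  # 7.0 U3n, vulnerable
        "vc-prod-02": "7.0.3.01700",  # 7.0 U3o, patched
        "vc-lab-01": "8.0.1.00300",   # 8.0 U1c, vulnerable
        "vc-lab-02": "8.0.2.00000",   # 8.0 U2, patched
        "vc-legacy": "6.7.0.54000",   # out of general support, check exceptional patch
    }
    for status, hosts in sorted(triage(inventory).items()):
        print(f"{status:10s} {', '.join(hosts)}")
```

Note that a build or version comparison only tells you whether the fixed release is installed; it does not confirm that the vCenter services were restarted after patching, and it says nothing about the 6.x exceptional patches, which have to be verified separately.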
