September 17, 2024 at 03:21PM
VMware, owned by Broadcom, released critical-severity patches for two vulnerabilities in its vCenter Server. One vulnerability, CVE-2024-38812, poses a major risk of remote code execution, while the other, CVE-2024-38813, is a privilege escalation vulnerability. The flaws impact vCenter Server and Cloud Foundation versions, and patches are the only known solution. These vulnerabilities were discovered during a hacking contest sponsored by Chinese cybersecurity firms, raising concerns about government stockpiling of zero-day vulnerabilities. Furthermore, Microsoft reported a surge in zero-day exploits one year after a Chinese law came into effect, which restricts disclosure of security holes found by citizens. Threat actors believed to be sponsored by the Chinese government have leveraged zero-day vulnerabilities in their attacks.
Key takeaways:
– VMware has released critical-severity patches to address vulnerabilities in its vCenter Server platform, including a heap-overflow vulnerability (CVE-2024-38812) and a privilege escalation vulnerability (CVE-2024-38813).
– The vulnerabilities impact VMware vCenter Server versions 7.0 and 8.0, as well as VMware Cloud Foundation versions 4.x and 5.x.
– VMware has issued fixed versions (vCenter Server 8.0 U3b and 7.0 U3s) and patches for Cloud Foundation users. No workarounds have been found, making patching the only solution.
– The vulnerabilities were discovered by research teams participating in the 2024 Matrix Cup, a hacking contest in China, and have been exploited by Chinese-linked APT groups in the past.
– The law in China dictates that zero-day vulnerabilities found by citizens must be promptly disclosed to the government, with restrictions on selling or providing details to third parties. This has raised concerns about the potential stockpiling of zero-days by the Chinese government.