October 22, 2024 at 03:18AM VMware has released updates for a critical security flaw (CVE-2024-38812) in vCenter Server, related to heap overflow vulnerabilities, allowing potential remote code execution. The flaw was previously patched inadequately. Users are urged to update to the latest versions to mitigate risks, although there’s currently no evidence of exploitation. **Meeting Takeaways … Read more
September 17, 2024 at 04:00PM Broadcom has addressed a critical VMware vCenter Server vulnerability (CVE-2024-38812) that allows unauthenticated remote attackers to achieve remote code execution through a heap overflow weakness in vCenter’s DCE/RPC protocol. Security patches are available, with the company advising administrators to apply the updates listed in the VMware Security Advisory to protect … Read more
September 17, 2024 at 03:21PM VMware, owned by Broadcom, released critical-severity patches for two vulnerabilities in its vCenter Server. One vulnerability, CVE-2024-38812, poses a major risk of remote code execution, while the other, CVE-2024-38813, is a privilege escalation vulnerability. The flaws impact vCenter Server and Cloud Foundation versions, and patches are the only known solution. … Read more
June 18, 2024 at 04:33AM VMware has issued updates to fix critical vulnerabilities affecting Cloud Foundation, vCenter Server, and vSphere ESXi. These flaws could lead to privilege escalation and remote code execution. The vulnerabilities include heap-overflow flaws and local privilege escalation issues. While there are no known active exploits, users are urged to promptly apply … Read more
June 18, 2024 at 02:11AM Critical-rated flaws (CVE-2024-37079 & CVE-2024-37080) in vCenter Server by VMware/Broadcom pose remote code execution risk. The heap-overflow vulnerabilities in DCE/RPC protocol could be exploited by a network-based attacker. Despite no known in-the-wild exploitation, older vSphere versions 6.5 and 6.7 lack fixes. Additionally, an important-rated privilege escalation flaw (CVE-2024-37081) is present. … Read more
January 19, 2024 at 08:23AM VMware confirmed active exploitation of a critical vCenter Server vulnerability (CVE-2023-34048) reported by Trend Micro researcher Grigory Dorodnov. Multiple end-of-life products were patched, and ransomware gangs target VMware servers. Over 2,000 exposed servers pose breach risks. VMware urged strict network access control and previously fixed high-severity vCenter Server flaws, an … Read more
January 19, 2024 at 06:12AM VMware warns of CVE-2023-34048, a critical vCenter Server vulnerability exploited in the wild. The issue, an out-of-bounds write problem related to DCERPC protocol implementation, allows remote code execution with network access. VMware released patches in October, even for end-of-life versions. The exploitation has been confirmed, with potentially hundreds of exposed … Read more
October 25, 2023 at 09:21AM Virtualization technology leader VMware has issued an urgent warning about a critical remote code execution flaw in its vCenter Server and VMware Cloud Foundation products. The vulnerability allows attackers with network access to execute remote code. VMware has released patches for the affected products, including older versions. Additionally, a moderate-severity … Read more
October 25, 2023 at 07:03AM VMware has released security updates to fix a critical flaw in the vCenter Server that could allow remote code execution. The vulnerability, tracked as CVE-2023-34048, is an out-of-bounds write issue in the DCE/RPC protocol. The company has urged users to apply the patches without delay as there are no workarounds … Read more
October 25, 2023 at 05:06AM VMware has released security updates to address a critical vulnerability in vCenter Server that can be exploited for remote code execution attacks. The vulnerability (CVE-2023-34048) allows unauthenticated attackers to remotely exploit it without user interaction. VMware has made patches available for affected products, including end-of-life versions. Administrators are advised to … Read more