IT Update – VMware Reemerging Risks

The importance of keeping your company’s network systems and applications patched cannot be overstated. This applies especially to internet-facing systems, which face a significantly higher volume of attacks. Recently it was discovered that a previously identified vulnerability in ESXi hypervisors (CVE-2021-21974) is now being used for a new purpose: to launch ransomware attacks against systems running this software that have not been patched to address it. This can leave these machines inaccessible and, depending on permissions within your network, potentially expose other system applications to the same fate.

If you are reading this and use ESXi software, we strongly recommend having your IT staff or support vendor review all of your installed ESXi versions to ensure that your systems are not vulnerable to this issue. All it takes to compromise your entire environment is one vulnerable installation that has been forgotten or is believed to be decommissioned or powered off. It is also advisable to verify whether any of your virtual hosts are internet-facing and could be exposed to unnecessary risk. Strong consideration should be given to establishing a formal schedule (at least quarterly) to review software such as ESXi and the vCenter appliance, which are typically patched manually rather than through automated patching solutions, so that they are regularly reviewed and updated to address all known security issues. Lastly, backups should be reviewed to ensure that all critical systems are backed up and that security controls exist, either through physical media or air gaps, to protect your backups from being compromised as well.

Below is a link to the original CVE vulnerability database post and also a current recommended baseline version to address this vulnerability and all other security vulnerabilities (at the time of this post). Please feel free to contact S.R. Snodgrass to discuss any questions you may have.

CVE – CVE-2021-21974 (mitre.org)

Recommended Version:

ESXi 7.0 Update 3i (ESXi_7.0.3-0.65.20842708)

Note: The CVE post linked above includes versions for the ESXi hypervisor 6.5 and 6.7; however, these have reached their end of life as of October 2022, and we cannot recommend installing any of these versions since they no longer receive security patches.
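
One way to carry out the version review recommended above, as an added example (not code from S.R. Snodgrass or VMware): it takes the banner that `vmware -v` prints on each host, compares 7.0 hosts to the recommended build, and flags 6.5 and 6.7 as end of life. The host names, the sample inventory and the status labels are assumptions made for the illustration.

```python
import re

# Baseline and end-of-life release lines are taken from the advisory text above.
BASELINE_LINE = (7, 0)
BASELINE_BUILD = 20842708          # ESXi 7.0 Update 3i
EOL_LINES = {(6, 5), (6, 7)}

# Matches the banner printed by `vmware -v`, e.g. "VMware ESXi 7.0.3 build-20842708"
BANNER = re.compile(r"VMware ESXi (\d+)\.(\d+)\.\d+ build-(\d+)")

def classify(banner):
    """Return a status label (hypothetical names) for one host's version banner."""
    m = BANNER.search(banner)
    if not m:
        return "UNKNOWN"            # never count an unreadable host as patched
    line = (int(m.group(1)), int(m.group(2)))
    build = int(m.group(3))
    if line in EOL_LINES:
        return "END_OF_LIFE"
    if line == BASELINE_LINE:
        # Build numbers are only comparable within the same release line.
        return "OK" if build >= BASELINE_BUILD else "BELOW_BASELINE"
    return "REVIEW"                 # release line the advisory gives no baseline for

def audit(inventory):
    """Map host name -> status for an inventory of (host, banner) pairs."""
    return {host: classify(banner) for host, banner in inventory}

# Constructed sample inventory: host names are hypothetical and the build
# numbers other than the baseline are illustrative values.
SAMPLE = [
    ("esx-prod-01", "VMware ESXi 7.0.3 build-20842708"),
    ("esx-prod-02", "VMware ESXi 7.0.1 build-16850804"),
    ("esx-lab-old", "VMware ESXi 6.7.0 build-14320388"),
    ("esx-dr-01", "VMware ESXi 8.0.0 build-20513097"),
    ("esx-closet", "unreachable, believed decommissioned"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:12} {status}")
```

Hosts reported as UNKNOWN are the ones to chase first, since a forgotten or supposedly powered-off host is exactly the case the advisory warns about.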
