.
Security researchers at Microsoft have discovered a vulnerability in VMware ESXi hypervisors that has been exploited by ransomware operators to gain full administrative access to a domain-joined hypervisor. VMware is widely used within industrial control systems. It is imperative to update ASAP.
The problem, identified as CVE-2024-37085, granted full admin privileges to members of a domain group, without proper validation. It has been used by several ransomware groups such as Storm-0506, Storm-1175, Octo Tempest, and Manatee Tempest, after they gained access to a network, to deploy ransomware.
Here are the key points from the page:
- Vulnerability Discovery: Microsoft researchers found a vulnerability in VMware ESXi hypervisors (CVE-2024-37085) that grants full admin access to domain-joined hypervisors without proper validation1.
- Ransomware Exploitation: Several ransomware groups have exploited this flaw to gain administrative control and deploy ransomware.
- Impact: Full admin access allows threat actors to encrypt the file system, affecting hosted servers and virtual machines.
- Mitigation: VMware has issued patches for ESXi 7.0, 8.0, and VMware Cloud Foundation 4.x and 5.x, along with workarounds for those unable to update immediately.
To check if your VMware ESXi is affected, you can follow these steps:
- Check VMware’s Security Advisories: Visit VMware’s official website and look for any recent security advisories related to ESXi. These advisories will provide information on vulnerabilities and patches.
- Update to the Latest Version: Ensure your ESXi is updated to the latest version. VMware often releases patches and updates to address security vulnerabilities.
- Run Security Scans: Use security tools to scan your ESXi environment for known vulnerabilities. Tools like Nessus or OpenVAS can help identify potential issues.
- Review Logs: Check the logs on your ESXi server for any unusual activity or signs of compromise. This can help you identify if your system has been affected.
If you need more detailed guidance, feel free to ask!
Don't forget to subscribe to OT Connect Newsletter - The News That Matters.
Take advantage of the "Cybersecurity Awareness Month" exclusive discounts on training before October 31st.
Get Involved & Participate!
Comments