Wed Sep 18 11:27:00 UTC 2024: ## Critical Vulnerability Found in VMware Products, Prompting Urgent Patching

**[City, State] -** A critical vulnerability affecting multiple VMware products, including vCenter Server and VMware Cloud Foundation, has been discovered, prompting urgent action from the company. The vulnerability, tracked as CVE-2024-38812, allows attackers to remotely execute malicious code on unpatched servers.

The flaw, a heap-overflow bug in the implementation of the DCERPC protocol, was found by cybersecurity researchers TZL during China’s 2024 Matrix Cup hacking contest. It has a severity score of 9.8/10, classified as “critical.”

Broadcom, VMware’s parent company, has released a patch and is urging users to apply it immediately. While there is no evidence of the vulnerability being exploited in the wild yet, hackers are likely to start scanning for vulnerable systems now that the issue is public knowledge.

“To ensure full protection, install one of the update versions listed in the VMware Security Advisory,” the company advised. However, if patching is not possible, organizations should tightly control network perimeter access to vSphere management components and interfaces.

VMware vSphere is a virtualization platform used by businesses to create and manage virtual machines and computing resources in data centers. vCenter Server acts as the central management hub for this platform.

The vulnerability poses a serious risk to organizations using these products, as successful exploitation could lead to data breaches, system disruptions, and other security incidents. Users are strongly encouraged to prioritize patching their systems as soon as possible.

Read More