Category Archives: VMware
VMware addresses ‘ESX Admins’ authentication bypass vulnerability (CVE-2024-37085) in ESXi 8.0 Update 3
Today, Broadcom issued a second update to VMSA-2024-003 for VMware ESXi, specifically to address the vulnerability CVE-2024-37085. This vulnerability, with a CVSSv3 base score of 6.8 out of 10 (Moderate), allowed an adversary with sufficient Active Directory permissions to gain full access to ESXi hosts. About the vulnerability For an adversary to abuse this […]
VMware vSphere 8.0 Update 3 adds federation support for four Identity Providers
On June 25th, 2024, Broadcom made vSphere 8.0 Update 3 generally available. In the details of the Release Notes for vSphere 8.0 Update 3 and ESXi 8.0 Update 3, Broadcom announces PingFederate Support in vSphere Identity Federation. This is a huge update for Identity and Access admins using VMware's virtualization platform as it broadens their options […]
A Denial of Service vulnerability threatens the availability of virtual Domain Controllers on VMware ESXi (VMSA-2024-0011, Important, CVE-2024-22273)
This week, Broadcom VMware released an update that addresses a vulnerability in ESXi. This vulnerability could be abused to negatively impact the availability of virtual Domain Controllers running on ESXi hosts. Note: The vulnerability exists in VMware Cloud Foundation, too. The vulnerability was responsibly disclosed to Broadcom VMware. About the DoS vulnerability The vulnerability […]
VMware's Enhanced Authentication Plug-in is deprecated and critically vulnerable – Remove it now (VMSA-2024-0003)
Two critical vulnerabilities in the optional Enhanced Authentication Plug-in require the immediate removal of this software from admin workstations and management servers. About VMware's Enhanced Authentication Plug-in VMware's Enhanced Authentication Plug-in (EAP) is an optional piece of software that can be downloaded from VMware's download center and can be installed on admin workstations and […]
VMSA-2022-0030 updates for VMware ESXi and vCenter Server address four security vulnerabilities (CVE-2022-31696 – CVE-2022-31699)
Yesterday, VMware released updates that address four vulnerabilities (CVE-2022-31696, CVE-2022-31697, CVE-2022-31698 and CVE-2022-31699). These vulnerabilities can be used to compromise virtual Domain Controllers running on ESXi. Note: The vulnerabilities exist in VMware Cloud Foundation, too. About the vulnerabilities VMware addressed these four vulnerabilities: VMware ESXi memory corruption vulnerability (CVE-2022-31696) The first vulnerability is a […]
Veeam Backup & Replication v11a supports VMware vSphere 8.0
Hot on the heels of VMware Explore Europe, Veeam announced its support for VMware vSphere 8.0. About VMware vSphere 8.0 vSphere is VMware’s advanced server virtualization solution, consisting of ESXi (the core virtualization product that is installed on host machines – a type 1 hypervisor) and vCenter Server (the solution to manage multiple ESXi hosts […]
Eight Tips and Tricks for Backing up and Restoring virtual Domain Controllers with Altaro VM Backup v8
As Active Directory, its Domain Controllers and their inner workings were originally designed in the late 90s, some of the technologies and processes can be somewhat incompatible with technologies and ways of work that were introduced since. I haven’t stumbled upon physical Domain Controllers in a while, so I guess I can conclude that Virtual […]
VMware finally addresses an important privilege escalation vulnerability in vCenter Server (VMSA-2021-0025)
This week, VMware released an update that finally addresses a vulnerability in vCenter Server. Since November 2021, this vulnerability could be used to compromise vCenter Server installations and the ESXi hosts they manage. Note: The vulnerability exists in VMware Cloud Foundation, too. About vCenter Server VMware vCenter Server, formerly known as VirtualCenter, is the […]
I'm a 2022 VMware vExpert
I’m proud to announce I am a 2022 VMware vExpert. This is my fourth vExpert award in a row. It’s an honor for me to be a part of the team driving Active Directory virtualization on VMware vSphere with Deji Akomolafe and Matt Liebowitz. Thank you! About the VMware vExpert Program The VMware vExpert Program […]
VMware ESXi 7.0 Update 3c’s cURL version is vulnerable
On January 27th, 2022, VMware released vSphere 7.0 Update 3c. While this much anticipated update to ESXi 7.0 Update 3 addresses a wide range of critical issues, it also – unfortunately – leaves a gap. EARLIER WITH VSPHERE 7 UPDATE 3… In November 2021, VMware took the unprecedented step to retract the ESXi 7 Update […]