Although a patch has been available by VMware since May 25, 2021, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and Cyber Command this week urged users of VMware to update and apply a fix to software that is used to manage virtual machines in data centers.
The warning states, “Please patch immediately!” It is reported that hackers have already been leveraging the flaw, which allows them to remotely execute code and infiltrate environments running VMware’s server management software. The flaws are in VMware vCenter Server and VMware Cloud Foundation products.
Users and administrators of these VMware products are encouraged to “review VMware’s VMSA-2021-010, blogpost, and FAQs for more information about the vulnerability and apply the necessary updates as soon as possible, even if out-of-cycle work is required. If an organization cannot immediately apply the updates, then apply the workarounds in the interim.”
These urgent warnings from both VMware and CISA merit consideration and prompt attention.