Critical Vulnerabilities in VMWare ESXi, Workstation and Fusion Patched

Threat Watch

Threat Watch Critical Vulnerabilities in VMWare ESXi, Workstation and Fusion Patched

Critical Vulnerabilities in VMWare ESXi, Workstation and Fusion Patched

VMWare issued security patches to close critical vulnerabilities in its hypervisor software including ESXi, Workstation and Fusion. The vulnerabilities, CVE-2020-4004 and CVE-2020-4005, could allow an attacker who compromises a virtual machine (VM) and has local administrator access to the guest VM to execute code as the VMX process on the host server, and then escalate their privileges after gaining access to VMX. VMWare also issued security updates for SD-WAN Orchestrator that close six vulnerabilities including SQL injection. Those vulnerabilities are not as critical as those targeting ESXi.

ANALYST NOTES

Binary Defense analysts have observed many attackers targeting vulnerable software in the days and weeks after patches are issued. It is important for organizations to have a robust vulnerability management program to assess which patches should be installed first and prioritize IT operations work to close the loop quickly on critical patches. ESXi servers in production environments that host virtual machines that are at risk for compromise (e.g. external facing web servers running on VMs) should be prioritized to receive this ESXi patch as soon as possible. For more information, please see: https://www.helpnetsecurity.com/2020/11/20/vulnerabilities-esxi-hypervisor/ https://www.vmware.com/security/advisories/VMSA-2020-0026.html

Intruder Tactics: Privilege Escalation

Ransomware group targeted DC police, then sent mixed messages about shutting down

Emerging deepfake technology could have security implications for businesses

Striking Back: Hunting Cobalt Strike Using Sysmon And Sentinel

Threat Watch