CISA Detect Vulnerabilities In VMWare Products
The US cyber security agency has told officials to update, or remove, a lot of digital service company VMWare Inc. products as hackers are using insecure versions to hack into targeted organisations. VMWare is a leading company in virtualization technology and an innovator in cloud and business mobility
VMware View is used in small businesses up to major enterprise and institutional concerns. Occasionally, some client machines will randomly disconnect from the VMware View server. Several glitches may cause this and there are just as many solutions to such disconnect problems.
The Cybersecurity and Infrastructure Security Agency (CISA) has said that hackers had reverse engineered current updates made to VMWare products and were using the information to hack into unpatched older devices.
The affected products include VMware Workspace ONE Access, which is meant to provide one-stop access to various digital services, and VMware vRealize Automation, which helps manage and automate complex IT processes.
CISA says unpatched VMWare devices should be considered to be compromised and should be checked straight away.
The CISA says in its Advisory notice on its website, “Malicious cyber actors were able to reverse engineer the vendor updates to develop an exploit within 48 hours and quickly began exploiting these disclosed vulnerabilities in unpatched devices. “Based on this activity, CISA expects malicious cyber actors to quickly develop a capability to exploit CVE-2022-22972 and CVE-2022-22973, which were disclosed by VMware on May 18, 2022.”
VMWare has blogged told its customers in a blog post that, "It is extremely important that you quickly take steps to patch or mitigate these issues in on-premises deployments."
The most common hardware-based cause of random disconnection from VMware View stems from malfunctioning network interface cards. If you experience a single virtual client disconnect, check the NIC on that machine before looking for other causes.
CISA Director Jen Easterly said in a statement that “These vulnerabilities pose an unacceptable risk to federal network security,” said CISA Director Jen Easterly. “CISA has issued this Emergency Directive to ensure that federal civilian agencies take urgent action to protect their networks. “We also strongly urge every organisation, large and small, to follow the federal government’s lead and take similar steps to safeguard their networks,” she said.
CISA: Reuters: VMWare: Chron: Euronews: IT News: VOI: National Cybersecurity News:
You Might Also Read:
CISA, NSA And The Dual Hat: