MA-988.112023: MyCERT Advisory - VMware Releases Security Update for Cloud Director Appliance
1.0 Introduction
Recently, VMware has released a security advisory addressing a vulnerability in VMware Cloud Director Appliance.
2.0 Impact
Cyber threat actors may exploit this vulnerability to take control of an affected system.
3.0 Affected Products
VMware Cloud Director Appliance (VCD Appliance)
4.0 Recommendations
MyCERT encourages users and administrators to review the following VMware security advisory and apply the recommended updates:
- VMSA-2023-0026: VMware Cloud Director Appliance contains an authentication bypass vulnerability (CVE-2023-34060): https://www.vmware.com/security/advisories/VMSA-2023-0026.html
Generally, MyCERT advises the users of these devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 09:00 - 18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my
5.0 References
MA-979.112023: MyCERT Advisory - VMware Releases Advisory for VMware Tools Vulnerabilities
1.0 Introduction
Recently, VMware released a security advisory addressing multiple vulnerabilities (CVE-2023-34057, CVE-2023-34058) in VMware Tools.
2.0 Impact
A cyber actor could exploit one of these vulnerabilities to take control of an affected system.
3.0 Affected Products
VMware Tools
4.0 Recommendations
MyCERT encourages users and administrators to review the VMware advisory VMSA-2023-0024 and apply the necessary updates.
Kindly refer to the following link: https://www.vmware.com/security/advisories/VMSA-2023-0024.html
Generally, MyCERT advises the users of these devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
5.0 References
MA-933.042023: MyCERT Advisory - VMware Releases Security Update for Aria Operations for Logs
1.0 Introduction
Recently, VMware has released a security update to address multiple vulnerabilities in Aria Operations for Logs (formerly vRealize Log Insight).
2.0 Impact
A cyber threat actor could exploit these vulnerabilities to take control of an affected system.
3.0 Affected Products
VMware Aria Operations for Logs (formerly vRealize Log Insight)
4.0 Recommendations
MyCERT encourages users and administrators to review VMware Security Advisory VMSA-2023-0007 and apply the necessary updates.
Kindly refer to: https://www.vmware.com/security/advisories/VMSA-2023-0007.html
Generally, MyCERT advises the users of these devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
5.0 References
MA-908.022023: MyCERT Advisory - Ransomware campaign actively exploiting a vulnerability (CVE-2021-21974) in unpatched VMware ESXi servers
1.0 Introduction
CISA has released a recovery script for organizations that have fallen victim to ESXiArgs ransomware.
2.0 Impact
The ESXiArgs ransomware encrypts configuration files on vulnerable ESXi servers, potentially rendering virtual machines (VMs) unusable.
3.0 Affected Products
- VMware ESXi
- VMware Workstation Pro / Player (Workstation)
- VMware Fusion Pro / Fusion (Fusion)
- VMware Cloud Foundation
- VMware vRealize Network Insight (vRNI)
4.0 Recommendations
MyCERT recommends that users, administrators and organizations impacted by ESXiArgs evaluate the scripts and guidance provided in the accompanying README file to determine whether they are fit for attempting to recover access to files in their environment.
Organizations can access the recovery scripts by referring to the link below:
Generally, MyCERT advises the users of these devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
5.0 References
- https://www.cisa.gov/uscert/ncas/current-activity/2023/02/07/cisa-releases-esxiargs-ransomware-recovery-script
- https://github.com/cisagov/ESXiArgs-Recover
- https://www.mycert.org.my/portal/advisory?id=MA-902.122022
- https://www.mycert.org.my/portal/advisory?id=MA-881.102022
- https://www.mycert.org.my/portal/advisory?id=MA-868.092022
- https://www.mycert.org.my/portal/advisory?id=MA-852.082022
MA-902.122022: MyCERT Advisory - VMware Releases Security Updates for Multiple products
1.0 Introduction
Recently, VMware has released security updates to address multiple vulnerabilities in multiple products.
2.0 Impact
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
3.0 Affected Products
- VMware Workstation Pro / Player (Workstation)
- VMware Fusion Pro / Fusion (Fusion)
- VMware Cloud Foundation
- VMware ESXi
- VMware vRealize Network Insight (vRNI)
4.0 Recommendations
MyCERT encourages users and administrators to review VMware Security Advisories VMSA-2022-0031 and VMSA-2022-0033, linked below, and apply the necessary updates.
- VMSA-2022-0031: https://www.vmware.com/security/advisories/VMSA-2022-0031.html
- VMSA-2022-0033: https://www.vmware.com/security/advisories/VMSA-2022-0033.html
Generally, MyCERT advises the users of these devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
5.0 References
MA-881.102022: MyCERT Advisory - VMware Releases Security Updates
1.0 Introduction
VMware has released security updates to address multiple vulnerabilities in VMware Cloud Foundation.
2.0 Impact
A remote attacker could exploit one of these vulnerabilities to take control of an affected system.
3.0 Affected Products
VMware Cloud Foundation (Cloud Foundation)
4.0 Recommendations
Users and Administrators must review the VMware Security Advisory at VMSA-2022-002 and apply the necessary updates and workarounds.
Generally, MyCERT advises the users of these devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
5.0 References
https://www.cisa.gov/uscert/ncas/current-activity/2022/10/28/vmware-releases-security-updates
https://www.vmware.com/security/advisories/VMSA-2022-0027.html
MA-868.092022: MyCERT Advisory - VMware Releases Guidance for VirtualPITA, VirtualPIE, and VirtualGATE Malware Targeting vSphere
1.0 Introduction
Recently, VMware has released "Protecting vSphere From Specialized Malware", addressing malware artefacts known as VirtualPITA (ESXi & Linux), VirtualPIE (ESXi), and VirtualGATE (Windows), which are used to exploit and gain persistent access to instances of ESXi.
2.0 Affected Products
• VMware ESXi
3.0 Impact
Allows exploitation and gaining persistent access to instances of ESXi.
4.0 Recommendations
Users and administrators employing VMware ESXi are urged to review the following for more information and to apply recommended mitigations and threat hunting guidance:
• VMware: Protecting vSphere From Specialized Malware:
https://core.vmware.com/vsphere-esxi-mandiant-malware-persistence
• VMware: Knowledge Base 89619 - Mitigation and Threat Hunting Guidance for Unsigned vSphere Installation Bundles (VIBs) in ESXi (including a script to audit ESXi hosts):
https://kb.vmware.com/s/article/89619
• VMware: vSphere Security Configuration Guides (baseline hardening guidance for VMware vSphere):
https://via.vmw.com/scg
Generally, MyCERT advises users to be updated with the latest security announcements by the vendor and follow best practices and security policies to determine which updates should be applied.
5.0 References
• https://www.cisa.gov/uscert/ncas/current-activity/2022/09/29/vmware-releases-guidance-virtualpita-virtualpie-and-virtualgate
• https://core.vmware.com/vsphere-esxi-mandiant-malware-persistence
• https://kb.vmware.com/s/article/89619
• https://via.vmw.com/scg
MA-852.082022: MyCERT Advisory - VMware Releases Security Update
1.0 Introduction
VMware has released a security update to address a vulnerability in VMware Tools. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. The vulnerability is tracked as CVE-2022-31676 and rated 7.0 out of 10 on the CVSS vulnerability scoring system.
2.0 Impact
The exploitation of this vulnerability may allow an attacker to take control of an affected system.
3.0 Affected Products
Updates are available for:
• VMware Tools version 12.x.y, 11.x.y (Windows)
• VMware Tools version 12.x.y, 11.x.y, 10.x.y (Linux)
4.0 Recommendations
Users and administrators should review the URL below and perform the necessary update:
https://www.vmware.com/security/advisories/VMSA-2022-0024.html
Generally, MyCERT advises the users of this software to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
5.0 References
1) https://www.cisa.gov/uscert/ncas/current-activity/2022/08/23/vmware-releases-security-update
2) https://www.vmware.com/security/advisories/VMSA-2022-0024.html
MA-830.042022: MyCERT Advisory - Security Updates for "Spring4Shell" and Spring Cloud Function Vulnerabilities
1.0 Introduction
Spring by VMware has released security updates to address multiple vulnerabilities affecting its products. CVE-2022-22963 affects Spring Cloud Function, and CVE-2022-22965, known as "Spring4Shell", affects Spring Framework. According to VMware, the Spring4Shell vulnerability bypasses the patch for CVE-2010-1622, causing CVE-2010-1622 to become exploitable again. The bypass of the patch can occur because Java Development Kit (JDK) versions 9 and later provide two sandbox restriction methods, providing a path to exploit CVE-2010-1622 (JDK versions before 9 only provide one sandbox restriction method).
2.0 Impact
A remote attacker could exploit these vulnerabilities to take control of an affected system.
3.0 Affected Products
CVE-2022-22963:
• Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions
CVE-2022-22965:
• Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions running on JDK version 9.0 and above
4.0 Recommendations
MyCERT encourages users and administrators to immediately apply the necessary updates in the Spring Blog posts that provide the Spring Cloud Function updates addressing CVE-2022-22963 and the Spring Framework updates addressing CVE-2022-22965. MyCERT also recommends reviewing the VMware Tanzu Vulnerability Report "CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+" and CERT Coordination Center (CERT/CC) Vulnerability Note VU#970766 for more information. Kindly refer to the URLs below for more details:
• https://spring.io/blog/2022/03/29/cve-report-published-for-spring-cloud-function
• https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
• https://tanzu.vmware.com/security/cve-2022-22965
• https://www.kb.cert.org/vuls/id/970766
Generally, MyCERT advises the users of these devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
5.0 References
• https://www.cisa.gov/uscert/ncas/current-activity/2022/04/01/spring-releases-security-updates-addressing-spring4shell-and
• https://spring.io/blog/2022/03/29/cve-report-published-for-spring-cloud-function
• https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
• https://tanzu.vmware.com/security/cve-2022-22965
• https://www.kb.cert.org/vuls/id/970766
MA-829.042022: MyCERT Advisory - VMware Carbon Black App Control Security Updates
1.0 Introduction
VMware has released security updates to address multiple vulnerabilities affecting its Carbon Black App Control platform that could be abused by a malicious actor to execute arbitrary code on affected installations in Windows systems. The vulnerabilities are tracked as CVE-2022-22951 and CVE-2022-22952; both flaws are rated 9.1 out of a maximum of 10 on the CVSS vulnerability scoring system.
2.0 Impact
Exploitation of some of these vulnerabilities may allow an attacker to take control of an affected VMware Carbon Black App Control platform.
3.0 Affected Products
Updates are available for:
• VMware Carbon Black App Control (AppC)
4.0 Recommendations
Users and administrators are recommended to review the URL below and perform the necessary update:
https://www.vmware.com/security/advisories/VMSA-2022-0008.html
Generally, MyCERT advises the users of these devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
5.0 References