Critical VMware Vulnerability Under Attack | heise online

2024-01-21

There is a critical security hole in VMware vCenter Server and Cloud Foundation, for which the manufacturer released a patch in October. The company has now updated its security notice because the vulnerability is being actively exploited in the wild. IT managers should apply the available update as quickly as possible.

The vulnerability lies in the support for “Distributed Computing Environment / Remote Procedure Calls” (DCERPC): when the DCERPC protocol is processed, writes outside the intended memory bounds can occur. This allows attackers with network access to vCenter Server to inject and execute malicious code (CVE-2023-34048, CVSS 9.8, risk “critical”). Back in October, VMware classified the vulnerability as so severe that the developers also published updates for products that had reached end of life.

VMware updates security notice

The following entry has now been added to VMware’s security notice about the vulnerability: “VMware has confirmed that exploitation of CVE-2023-34048 has occurred in the wild”. In other words, the vulnerability is being attacked by cybercriminals and misused to smuggle in malicious code.

The addition was made on Wednesday of this week and has so far gone largely unnoticed. VMware does not provide any details about the attacks. The developers also do not provide any Indicators of Compromise (IOCs), i.e. clues that IT managers can use to determine whether they have been affected by the known attacks. Administrators should therefore at least quickly check whether their vCenter Server and Cloud Foundation instances are up to date.

