While virtualization still has a host of security advantages over its localized counterparts, it isn’t exempt from the attention of cyber attackers. Most recently, one of the industry’s leading software vendors, VMware, was forced to release a patch for a critical vulnerability that allowed underprivileged users to attain access to administrative rights. Let’s delve deeper into exactly what this means and what you need to do.
Since its first software release in 2001, VMware has remained the leading provider of virtualization platforms, with most sources estimating double-digit leads in market share over the nearest competitor. By creating virtual environments stored on a network server or in a cloud environment, the company has given their clients the ability to create workstations, software, and even networks that can be utilized remotely. Fast forward to today, and VMware is working overtime to maintain its reputation by preempting software security vulnerabilities.
Obviously, when delivering any kind of specialized privileges over a network, adequate protection is of the utmost concern. In this case, two services for managing mobile clouds (vIDM and vRealize) were found to be vulnerable to exploits wherein users with minimal rights could cheat their way into full administrative privileges.
The security team at VMware elaborated that when executed in just one of the two services, this flaw would not be considered critical. However, when combined, it could pose an imminent threat to the security of your cloud infrastructure. To amend this oversight, ask your managed services provider or IT staff to update vIDM and vRealize to their most recent versions (2.7 and 7.1, respectively) as soon as possible. If this can’t be achieved in a realistic time frame, blocking port 40002 would act as a temporary workaround.
Sufficient security requires by-the-minute responses to the latest breaches and exploits. By partnering with us, you’ll never need to worry about checking in regarding patches or breaches you read about in the news. Instead, you’ll be hearing about them from us when we come around to install the updates. Choose the safe option -- contact us today with any of your virtualization needs or questions.