Critical VMware vSphere Vulnerability Is a Must-Patch
Friday, February 26, 2021
VMware this week fixed two critical vulnerabilities in its vCenter Server, used by data centers to manage the VMware vSphere server virtualization platform.
"This vulnerability is critical," said Ilia Kolochenko, CEO at ImmuniWeb, a cybersecurity vendor. "It's really the highest possible risk we have, and exploitation is very simple. A remote non-authenticated actor can just send several HTTP requests and get full control over everything. So it's very high risk."
There is one bright side to this vulnerability, however, that is likely to reduce the amount of damage that attackers can do.
That is because organizations that have these systems exposed to the public probably have much bigger problems as well, said ImmuniWeb's Kolochenko.
"These types of systems are not supposed to be publicly accessible," he said. "Organizations that have these systems accessible to anyone on the internet – well, I wouldn't say that they're all grossly negligent, but I would say that they have other challenges and problems and are probably already compromised."
There might be some organizations that are unable to install security patches immediately, "maybe in about 5 percent of use cases," he said.
"In a hospital, for example, you might have a critical system that is maintaining care for patients who require emergency treatment. Sometimes when you install a patch you might crash everything. But I would say that otherwise, in the vast majority of cases – in 95 percent of cases – you should patch as soon as possible."
In those other 5 percent of cases, companies should limit access to the vulnerable system.
He also recommends that companies proactively monitor and try to minimize their external attack surface, since more of these types of vulnerabilities are likely to emerge.
"I'm very confident that we still have more undisclosed or undiscovered vulnerabilities," he said. "There are probably people reverse engineering systems, searching for security flaws."
Reducing access by external users or from untrusted internal machines would help mitigate against 99 percent of possible exploitation, he said.