VMware has released patches for two critical vulnerabilities that could allow hackers to execute malware remotely. Users are advised to apply the patches immediately and thus secure their endpoints.
In a security advisory, VMware said it was tipped off on the existence of two “heap-overflow vulnerabilities in the implementation of DCERPC protocol” in vCenter Server.
This tool works as a centralized platform where users can manage virtualized environments, specifically those running on VMware’s vSphere suite. It is often described as a “key element” in enterprise data center management, since it offers a wide variety of features that streamline and automate virtualized infrastructure admin.
The two vulnerabilities are tracked as CVE-2024-37079, and CVE-2024-37080, and both carry a severity score of 9.8 – critical.
No workarounds
“A malicious actor with network access to vCenter Server may trigger these vulnerabilities by sending a specially crafted network packet potentially leading to remote code execution,” VMware explained, urging users to apply the released patches immediately.
Furthermore, the company explained it investigated “in-product workarounds” and found them lacking, suggesting that applying the patch would be the best way forward.
According to The Register, there is currently no evidence of any in-the-wild exploitation. However, once a company puts vulnerabilities in the spotlight like this, threat actors usually start scanning the internet for vulnerable endpoints. The publication also warns that many organizations still use vSphere versions 6.5 and 6.7, which reached their end-of-life status in October 2022, “but are still widely used”.
VMware has been quite busy this year, issuing patches for high-severity flaws. A month ago, it released patches for four vulnerabilities affecting two of its products, and in early March, it fixed four flaws, including two that could have been used to execute malicious code.
