VMware ESXi hypervisor vulnerability grants full admin privileges




Security researchers at Microsoft have discovered a vulnerability in VMware ESXi hypervisors that has been exploited by ransomware operators to gain full administrative access to a domain-joined hypervisor.

The problem, identified as CVE-2024-37085, granted full admin privileges to members of a domain group without proper validation. Several ransomware groups, such as Storm-0506, Storm-1175, Octo Tempest, and Manatee Tempest, have used it to deploy ransomware after gaining access to a network.

“While there are worse things that could happen in the weeks leading up to your marquee customer and partner event, a vulnerability announcement based on an exploit that was actually seen in the wild, well, that’s certainly up there,” observed John Annand, research practice lead at Info-Tech Research Group. “So, Broadcom, and Microsoft for that matter, are yet again forced to spend more time and effort on reassuring rather than inspiring customers.”


