VMware ESXi hypervisor vulnerability grants full admin privileges
- by nlqip
Security researchers at Microsoft have discovered a vulnerability in VMware ESXi hypervisors that has been exploited by ransomware operators to gain full administrative access to a domain-joined hypervisor.
The problem, identified as CVE-2024-37085, granted full admin privileges to members of a domain group, without proper validation. It has been used by several ransomware groups such as Storm-0506, Storm-1175, Octo Tempest, and Manatee Tempest, after they gained access to a network, to deploy ransomware.
“While there are worse things that could happen in the weeks leading up to your marquee customer and partner event, a vulnerability announcement based on an exploit that was actually seen in the wild, well, that’s certainly up there,” observed John Annand, research practice lead at Info-Tech Research Group. “So, Broadcom, and Microsoft for that matter, are yet again forced to spend more time and effort on reassuring rather than inspiring customers.”
Source link
lol
Security researchers at Microsoft have discovered a vulnerability in VMware ESXi hypervisors that has been exploited by ransomware operators to gain full administrative access to a domain-joined hypervisor. The problem, identified as CVE-2024-37085, granted full admin privileges to members of a domain group, without proper validation. It has been used by several ransomware groups such…
Recent Posts
- Ivanti Says ‘Critical’ Cloud Gateway Vulnerability Seeing Exploitation
- Microsoft Edge will flag extensions causing performance issues
- Sophos CEO On How EDR Vendors, Microsoft Are ‘Rethinking’ Security After CrowdStrike Outage
- This Windows PowerShell Phish Has Scary Potential – Krebs on Security
- Unexplained ‘Noise Storms’ flood the Internet, puzzle experts