VMware ESXi Security Alert
Christopher Souza | CEO
A critical VMware ESXi security flaw, CVE-2024-37085, is being exploited by ransomware groups.
CVE-2024-37085 allows attackers to grant themselves full administrative access to the ESXi hypervisor by abusing its Active Directory integration. When an ESXi host is joined to Active Directory, it enters an automatic configuration mode in which membership of a domain group specifically named “ESX Admins” is treated as hypervisor administrator membership. By leveraging this feature, an attacker who gains enough access to Active Directory to create that group, or to add members to it, can immediately elevate any user account to full administrative privileges on all VMware ESXi hosts configured this way. If this vulnerability isn’t addressed, attackers can steal data, move laterally through networks, and encrypt the ESXi hypervisor’s file system, disrupting operations.
In order to address this vulnerability before it negatively impacts your systems, TSI strongly recommends the following:
1. Apply updates: Install the latest patches.
2. Enhance password security: Use multifactor authentication (MFA) and isolate privileged accounts.
3. Secure ESXi servers: Ensure they are not exposed to the public internet.
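As an added example (not code from TSI's post), the following Python script shows two defender-side checks for the exposure described above: an audit of the two ESXi advanced options that control the automatic “ESX Admins” privilege grant, and a scan of Windows Security group-management events for that group name. The option names and Windows event IDs are real; the setting values and the event records are constructed for the example.

```python
"""Defensive checks related to the ESXi 'ESX Admins' auto-admin behaviour."""

# Real ESXi advanced option names; the values fed in below are constructed.
AUTO_ADD = "Config.HostAgent.plugins.hostsvc.esxAdminsGroupAutoAdd"
GROUP_NAME = "Config.HostAgent.plugins.hostsvc.esxAdminsGroup"

# Windows Security event IDs for domain group creation, membership and rename.
GROUP_EVENTS = {
    4727: "security-enabled global group created",
    4728: "member added to security-enabled global group",
    4754: "security-enabled universal group created",
    4756: "member added to security-enabled universal group",
    4781: "account (group) renamed",
}


def audit_esxi_settings(settings: dict) -> list:
    """Return findings for one host's advanced settings (option name -> value).

    Defaults mirror ESXi's shipped values: auto-add on, group 'ESX Admins'.
    """
    findings = []
    group = settings.get(GROUP_NAME, "ESX Admins")
    if str(settings.get(AUTO_ADD, "true")).strip().lower() != "false":
        findings.append(f"{AUTO_ADD} is enabled: members of the AD group "
                        f"'{group}' are granted hypervisor admin automatically")
    if group.strip().lower() == "esx admins":
        findings.append(f"{GROUP_NAME} still uses the default name 'ESX Admins'")
    return findings


def find_esx_admins_events(events: list) -> list:
    """Flag group-management events whose target group is 'ESX Admins'.

    Each event is a dict of EventData fields; 4781 carries the new name in
    NewTargetUserName, the others carry the group in TargetUserName.
    """
    hits = []
    for ev in events:
        eid = ev.get("EventID")
        name = ev.get("NewTargetUserName") or ev.get("TargetUserName") or ""
        if eid in GROUP_EVENTS and name.strip().lower() == "esx admins":
            hits.append((eid, GROUP_EVENTS[eid], ev.get("SubjectUserName")))
    return hits


SAMPLE_EVENTS = [  # constructed sample records, not real telemetry
    {"EventID": 4728, "TargetUserName": "Domain Admins", "SubjectUserName": "adm.jane"},
    {"EventID": 4727, "TargetUserName": "ESX Admins", "SubjectUserName": "svc.backup"},
    {"EventID": 4728, "TargetUserName": "ESX Admins", "SubjectUserName": "svc.backup"},
    {"EventID": 4781, "NewTargetUserName": "ESX Admins", "SubjectUserName": "jdoe"},
]
```

Any hit from `find_esx_admins_events` on a domain that has not deliberately provisioned an “ESX Admins” group deserves immediate investigation, and `audit_esxi_settings` returning findings means the host still relies on the default behaviour.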
Due to the critical nature of the issue, and to minimize any disruptions to your systems, we highly recommend applying this fix as soon as possible outside of your typical hours of operation. Please note that your systems will likely be down while you apply this after-hours fix, and anticipate that it will take approximately 30 minutes to an hour to do so.
As always, we’re readily available to help address this issue and if you have any issues or concerns, please don’t hesitate to contact us. Thank you, we look forward to following up with any additional updates as they arise.
About Technical Support International
TSI is a 35-year-old cybersecurity (MSSP) and IT support (MSP) company specializing in helping DIB organizations address their NIST 800-171 and CMMC compliance obligations. As a CMMC-AB Registered Provider Organization (RPO), TSI offers a complete NIST 800-171 and CMMC support solution to help guide our clients toward a successful certification audit and provide the assurance that they’re adhering to these expansive compliance requirements.