Industrial cybersecurity

Security challenges associated with ESXi Hypervisors

Alert on the update required for VMWARE ESXI hypervisors

An ESXi hypervisor, also called a virtual machine monitor, is a virtualisation tool developed by VMware, for creating and managing virtual machines on a single physical server.

Vulnerability CVE-2021-21974

A new wave of attacks is targeting ESXi hypervisors. The attackers exploit vulnerability CVE-2021-21974, which allows a remote attacker to bypass the ESXi security mechanisms and execute malicious code on the host, in this campaign code that encrypts the data.

This vulnerability affects ESXi versions prior to 7.X ESXi70U1c-17325551, 6.7.X ESXi670-202102401-SG and 6.5.X ESXi650-202102101-SG. The vulnerable component is the Service Location Protocol (SLP) service of ESXi.

A security patch has been available since February 2021; bear in mind, however, that exploits have also been publicly available for more than a year.

Some figures:

  • More than 3000 ESXi-type servers worldwide have been encrypted via this vulnerability
  • Between 500 and 700 ESXi hypervisors are currently victims of this cyber attack in France

DATIVE advice for avoiding this type of attack:

  • Put in place additional security measures such as dedicated firewall rules, blocking unused ports, etc.
  • Disable the SLP service until the security patch is installed
  • Carry out an inventory of your hardware and software
  • Make regular backups
  • Apply the security patches as soon as possible
  • Sign up for a vulnerability monitoring service
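The two checks that matter most in the advice above (is the host on a fixed build, and is SLP still enabled) can be scripted against the text that ESXi's own commands print. The following triage helper is an added example written for this page, not a DATIVE or VMware tool; it parses the output of `esxcli system version get` and `chkconfig --list slpd`, which an operator would collect over SSH. The 7.0 fixed build (17325551) is taken from the text above; the 6.7 and 6.5 fixed builds are assumed to be those of ESXi670-202102401-SG and ESXi650-202102101-SG as listed in VMware's advisory VMSA-2021-0002 and should be verified before relying on them.

```python
import re

# First fixed build per ESXi line for CVE-2021-21974.
# 7.0: from the alert text (ESXi70U1c-17325551).
# 6.7 / 6.5: ASSUMPTION - builds of ESXi670-202102401-SG and
# ESXi650-202102101-SG per VMSA-2021-0002; verify against the advisory.
FIXED_BUILDS = {"7.0": 17325551, "6.7": 17499825, "6.5": 17477841}

# Constructed sample of `esxcli system version get` output (an unpatched 7.0 U1 host).
SAMPLE_VERSION_OLD = """   Product: VMware ESXi
   Version: 7.0.1
   Build: Releasebuild-17168206
   Update: 1
   Patch: 25
"""
# Constructed sample of a host already on the fixed 7.0 U1c build.
SAMPLE_VERSION_FIXED = SAMPLE_VERSION_OLD.replace("17168206", "17325551")


def parse_version(esxcli_output: str):
    """Return (release line such as '7.0', numeric build) from esxcli text."""
    ver = re.search(r"Version:\s*(\d+\.\d+)", esxcli_output)
    build = re.search(r"Build:\s*Releasebuild-(\d+)", esxcli_output)
    if not ver or not build:
        raise ValueError("could not parse ESXi version/build")
    return ver.group(1), int(build.group(1))


def slp_enabled(chkconfig_output: str) -> bool:
    """Parse `chkconfig --list slpd` text, e.g. 'slpd   on' or 'slpd   off'."""
    m = re.search(r"^\s*slpd\s+(on|off)\s*$", chkconfig_output, re.MULTILINE)
    if not m:
        raise ValueError("could not find slpd state in chkconfig output")
    return m.group(1) == "on"


def assess(esxcli_output: str, chkconfig_output: str) -> str:
    """Classify a host: 'patched', 'exposed', 'unpatched-slp-disabled' or 'unknown'."""
    line, build = parse_version(esxcli_output)
    fixed = FIXED_BUILDS.get(line)
    if fixed is None:
        return "unknown"  # release line not tracked here; check the advisory by hand
    if build >= fixed:
        return "patched"
    # Unpatched: SLP still running means the vulnerable service is reachable.
    return "exposed" if slp_enabled(chkconfig_output) else "unpatched-slp-disabled"
```

Hosts classified as `exposed` are the ones to isolate and patch first; `unpatched-slp-disabled` hosts have the interim mitigation in place but still need the patch.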
