Security challenges associated with ESXi Hypervisors

15 Feb. 2023 | Cyber | 3 minutes
Alert on the update required for VMware ESXi hypervisors

An ESXi hypervisor, also called a virtual machine monitor, is a virtualisation tool developed by VMware, for creating and managing virtual machines on a single physical server.

There has been a new wave of attacks targeting ESXi hypervisors.

Vulnerability CVE-2021-21974 allows a remote attacker to bypass the ESXi security mechanisms and execute malicious code, in particular to encrypt data.

This vulnerability affects ESXi 7.x versions prior to ESXi70U1c-17325551, 6.7.x versions prior to ESXi670-202102401-SG, and 6.5.x versions prior to ESXi650-202102101-SG. It also affects the “Service Location Protocol (SLP)” service.

Exploits have been available for more than one year. Fortunately, a security patch has been available since February 2021.

Some stats:

  • More than 3000 ESXi-type servers worldwide have been encrypted via this vulnerability
  • Between 500 and 700 ESXi hypervisors are currently victims of this cyber attack in France

DATIVE advice for avoiding this type of attack:

  • Put in place additional security measures such as dedicated firewall rules, blocking unused ports, etc.
  • Disable the SLP service until the security patch is installed
  • Carry out an inventory (hardware and software)
  • Make regular backups
  • Apply the security patches as soon as possible
  • Sign up for a vulnerabilities monitoring service
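
The inventory and patching advice above can be turned into a triage list. The following is an added example, not DATIVE's or VMware's own code: it classifies each host's `vmware -v` version line against the fixed releases named in this alert and ranks unpatched hosts that still run SLP first. The inventory format, host names, builds and SLP states are constructed for illustration.

```python
import re

# Fixed releases exactly as listed in the alert.
FIXED_BUILD = {"7.0": 17325551}  # ESXi70U1c-17325551
FIXED_BULLETIN = {"6.7": "ESXi670-202102401-SG", "6.5": "ESXi650-202102101-SG"}
VERSION_RE = re.compile(r"VMware ESXi (\d+\.\d+)\.\d+ build-(\d+)")

def patch_state(version_line):
    """Classify one `vmware -v` output line against the alert's fixed releases."""
    m = VERSION_RE.search(version_line)
    if not m:
        return "unparsed", "check this host manually"
    line, build = m.group(1), int(m.group(2))
    if line in FIXED_BUILD:
        if build >= FIXED_BUILD[line]:
            return "patched", f"build {build} includes the fix"
        return "vulnerable", f"build {build} is older than {FIXED_BUILD[line]}"
    if line in FIXED_BULLETIN:
        # The alert gives a bulletin ID, not a build number, for this line.
        return "verify", f"confirm {FIXED_BULLETIN[line]} or later is applied"
    return "not-listed", "release line not named in the alert"

def triage(hosts):
    """Return (priority, name, state, action) rows, most urgent first."""
    rows = []
    for h in hosts:
        state, note = patch_state(h["version"])
        if state in ("patched", "not-listed"):
            prio, action = 3, "no action for this alert"
        elif state == "unparsed":
            prio, action = 2, note
        elif h["slp_running"]:
            prio, action = 1, f"disable SLP now, then patch ({note})"
        else:
            prio, action = 2, f"patch, keep SLP disabled ({note})"
        rows.append((prio, h["name"], state, action))
    return sorted(rows)

# Constructed inventory: host names, builds and SLP states are made up.
SAMPLE_HOSTS = [
    {"name": "esx-a", "version": "VMware ESXi 7.0.0 build-16324942", "slp_running": True},
    {"name": "esx-b", "version": "VMware ESXi 7.0.1 build-17325551", "slp_running": True},
    {"name": "esx-c", "version": "VMware ESXi 6.7.0 build-15160138", "slp_running": False},
    {"name": "esx-d", "version": "VMware ESXi 6.5.0 build-14320405", "slp_running": True},
]

if __name__ == "__main__":
    for row in triage(SAMPLE_HOSTS):
        print(*row, sep=" | ")
```

For the 6.7 and 6.5 lines the script only asks for the bulletin to be confirmed, because the alert names those fixes by bulletin ID and not by build number.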