VMware, fixed critical authentication bypass bug: update now

VMware, fixed critical authentication bypass bug: update now

VMware has released urgent patches to address critical flaws in virtualization systems, most notably an authentication bypass. Vulnerabilities pose a serious threat to companies whose IT infrastructure is built on enterprise systems

VMware has released urgent updates that address a total of ten security vulnerabilities in different products and which could be exploited by unauthenticated attackers to perform malicious actions in compromised IT infrastructures. The most important patch concerns a critical bug in authentication bypass security .

“Critical vulnerabilities in virtualization systems, such as the CVE-2022-31656 flaw”, comments Pierluigi Paganini , cyber security analyst and CEO Cybhorus, “represent a serious threat to the many companies that base their IT infrastructure on VMware systems”.

The vulnerability, in particular, impacts local users tomorrow across multiple products. Here are all the details and possible risk mitigation solutions.

Critical vulnerabilities in virtualization systems

Petrus Viet of VNG Security discovered the CVE-2022-31656 flaw impacting VMware Workspace ONE Access, Identity Manager and vRealize Automation.

“Multiple categories of malicious actors”, continues Paganini, “are constantly looking for exploits for this family of vulnerabilities that can allow them to access the victim’s infrastructure and compromise it”.

“In particular, in the last year we have observed an increasing number of ransomware gangs, and their affiliates, exploit flaws in VMware systems to access enterprise infrastructures and encrypt their systems causing severe damage to their operations,” concludes Paganini.

There are fears that the flaws are being exploited to carry out Distributed Denial-of-Service (DDoS) attacks.

The DDoS risk

Downloading and installing urgent patches is required to ward off Distributed Denial-of-Service (DDoS) attacks. “Although DDoS attacks can cause real damage,” explains Sam Curry, Cybereason Chief Security Officer , “they are often described as” poor man’s attacks “as they can be organized relatively quickly, especially when exploiting an existing botnet or DDoS. -as-a-Service “.

“It is not surprising at all, for example, that in recent days DDoS attacks against the Taiwanese government have emerged: these malicious activities, in fact, represent both a quick tool to obtain results quickly, and a normal ingredient to accompany more serious and organized attacks”, continues Sam Curry.

Furthermore, Curry points out, “DDoS attacks are still an effective tool in a state’s cyber arsenal because they get the job done. A DDoS attack will normally not cause much damage, but attacking a government guarantees the media headlines and the attention of the people and, therefore, the powers that are involved in the ‘game’ of nations ”.

“Public and private sector organizations,” concludes Sam Curry, “can counter DDoS attacks by preparing in advance: ensuring network connectivity redundancy and having mitigation strategies in place. Don’t just prepare for volumetric attacks (there are multiple types of DDoS), you need to practice in peacetime and prepare for contingencies. DDoS attacks can be solved and there are many vendors who can help against even the largest and most complex attacks, but it is much better to be prepared and mitigated in near real time or minutes than days. ”

VMware case: how to protect yourself from critical vulnerabilities

“Today there is no way to know if VMWare’s various vulnerabilities will have a lasting impact,” explains Sam Curry . Cybereason Chief Security Officer: “Will attackers find ways to exploit them? In the meantime, available patches need to be implemented and all systems regularly tested in the future. In general, you need to focus on the basics. If the patches can be implemented immediately, it can be verified if the company is vulnerable. Then, all systems need to be updated by proactively looking for behavioral indicators that reveal potential or ongoing malicious activity. More importantly, you need to remain vigilant because attackers are lurking and be patient because there is a chance that more targeted attacks will occur in the weeks and months to come. Successful exploits grant the attacker control of the affected system, but smart attackers won’t act right away.

To mitigate the risk, therefore, it is necessary to download and install patches as soon as possible, to avoid attacks.

However, in the event that it is not possible to install patches to remedy critical vulnerabilities in virtualization systems, it would be advisable to block access to systems from the Internet by configuring the virtualization environment itself.

Through rules on monitoring devices, you must also check that you do not log in through users who are subject to this vulnerability.

Finally, it is necessary to limit the administration grants to only the necessary users and not to allow other users to be able to modify their privileges locally

Catch up on more articles here

Follow us on Twitter here


Must read


Related Posts