Systems Affected
- VMware vCenter Server versions prior to 8.0U2
- VMware vCenter Server versions prior to 8.0U1d
- VMware vCenter Server versions prior to 7.0U3o
- VMware Cloud Foundation (VMware vCenter Server) versions prior to KB88287
Risk
- Government: - Large and medium government entities: High - Small government entities: Medium
- Businesses: - Large and medium business entities: High - Small business entities: Medium
- Home Users: Low
Recommendations
- Apply appropriate updates provided by VMware to vulnerable systems immediately after appropriate testing.
- Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Prevent access to file shares, remote access to systems, unnecessary services. Mechanisms to limit access may include use of network concentrators, RDP gateways, etc.
- Use intrusion detection signatures to block traffic at network boundaries.
- Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring.
