"VMware Confirms Critical vCenter Flaw Now Exploited in Attacks"

VMware has confirmed the active exploitation of a critical vCenter Server Remote Code Execution (RCE) that was patched in October 2023. The vCenter Server management platform is for VMware vSphere environments and helps administrators manage ESX and ESXi servers, as well as Virtual Machines (VMs). The vulnerability, discovered by Trend Micro, stems from an out-of-bounds write flaw in vCenter's DCE/RPC protocol implementation. Attackers can use it remotely in low-complexity attacks with high confidentiality, integrity, and availability impact that do not require authentication or user interaction. Network access brokers seek to hijack VMware servers and sell them to ransomware gangs on cybercrime forums. Ransomware groups such as Royal, Black Basta, LockBit, RTM Locker, Qilin, ESXiArgs, Monti, and Akira are now known for directly targeting victims' VMware ESXi servers. This article continues to discuss the exploitation of the critical vCenter Server RCE vulnerability.

Bleeping Computer reports "VMware Confirms Critical vCenter Flaw Now Exploited in Attacks"

Submitted by grigby1

Submitted by Gregory Rigby on