VMware on Monday mentioned it discovered no proof that risk actors are leveraging an unknown safety flaw, i.e., a zero-day, in its software program as a part of an ongoing ransomware assault spree worldwide.
“Most reviews state that Finish of Basic Assist (EoGS) and/or considerably out-of-date merchandise are being focused with recognized vulnerabilities which have been beforehand addressed and disclosed in VMware Safety Advisories (VMSAs),” the virtualization companies supplier mentioned.
The corporate is additional recommending customers to improve to the newest obtainable supported releases of vSphere parts to mitigate recognized points and disable the OpenSLP service in ESXi.
“In 2021, ESXi 7.0 U2c and ESXi 8.0 GA started delivery with the service disabled by default,” VMware added.
The announcement comes as unpatched and unsecured VMware ESXi servers all over the world have been focused in a large-scale ransomware marketing campaign dubbed ESXiArgs by possible exploiting a two-year-old bug VMware patched in February 2021.
The vulnerability, tracked as CVE-2021-21974 (CVSS rating: 8.8), is an OpenSLP heap-based buffer overflow vulnerability that an unauthenticated risk actor can exploit to realize distant code execution.
The intrusions seem to single out prone ESXi servers which might be uncovered to the web on OpenSLP port 427, with the victims instructed to pay 2.01 Bitcoin (about $45,990 as of writing) to obtain the encryption key wanted to get better information. No knowledge exfiltration has been noticed thus far.
Information from GreyNoise reveals that 19 distinctive IP addresses have been trying to take advantage of the ESXi vulnerability since February 4, 2023. 18 of the 19 IP addresses are categorized as benign, with one sole malicious exploitation recorded from the Netherlands.
“ESXi clients ought to guarantee their knowledge is backed up and may replace their ESXi installations to a set model on an emergency foundation, with out ready for an everyday patch cycle to happen,” Rapid7 researcher Caitlin Condon mentioned. “ESXi cases shouldn’t be uncovered to the web if in any respect potential.”
