VMware has released patches for two critical vulnerabilities in vCenter Server that could allow attackers to execute code on the server remotely. Administrators are advised to apply the patches immediately.
In a security advisory, VMware said it had been tipped off to the existence of two “heap overflow vulnerabilities in the implementation of the DCERPC protocol” in vCenter Server.
vCenter Server is the centralized management platform for VMware vSphere environments: it manages ESXi hosts, virtual machines and their configuration from a single console. It is often described as a “key element” of enterprise data center management because it streamlines and automates the administration of virtualized infrastructure, which is also why a compromise of vCenter gives an attacker control over the whole environment it manages.
The two vulnerabilities are tracked as CVE-2024-37079 and CVE-2024-37080, and both carry a CVSSv3 base score of 9.8 (critical).
No workarounds
“A malicious actor with network access to vCenter Server could activate these vulnerabilities by sending a specially crafted network packet that could potentially lead to remote code execution,” VMware explains, urging users to apply the released patches immediately.
The company also said it had investigated in-product workarounds and found none that were viable, so applying the patch is the only remediation.
According to The Register, there is currently no evidence of exploitation in the wild. But once a vendor spotlights vulnerabilities in this way, threat actors typically begin scanning the Internet for exposed instances, so any vCenter Server that is reachable from untrusted networks should be patched first (and vCenter should not be exposed to the Internet in the first place). The publication also warns that many organizations are still running vSphere 6.5 and 6.7, which reached end of general support in October 2022 but remain widely deployed, and which are not covered by the new patches.
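The practical question this raises for a defender is which vCenter instances in an estate are still exposed: hosts below the fixed version on their own release line, and hosts on the end-of-life 6.5/6.7 lines that cannot be patched at all. The script below is an added example, not code from VMware or The Register. It assumes host records shaped like the `version` and `build` fields that vCenter's appliance API returns from `GET /api/appliance/system/version`; the inventory, hostnames and build strings are constructed, and the `EXAMPLE_BASELINE` fixed-version values are placeholders (an assumption) that must be replaced with the fixed versions listed in VMware's advisory before the check is relied on.

```python
"""
Triage a vCenter Server inventory against a per-release-line patch baseline.

Added example, not VMware's or The Register's code. Record shape follows the
"version"/"build" fields of GET /api/appliance/system/version; all sample
data below is constructed, and EXAMPLE_BASELINE holds placeholder values
(assumption) to be replaced from the VMware advisory.
"""
import json

# Lines that reached end of general support in October 2022. No fix is
# published for them, so the only remediation is an upgrade, not a patch.
EOL_LINES = {(6, 5), (6, 7)}

# Minimum fixed version per (major, minor, update) line.
# PLACEHOLDER values (assumption): take the real ones from the advisory.
EXAMPLE_BASELINE = {
    (8, 0, 2): "8.0.2.00400",
    (8, 0, 1): "8.0.1.00500",
    (7, 0, 3): "7.0.3.01800",
}

# Constructed inventory: hostname -> record as the appliance API would report it.
SAMPLE_INVENTORY = json.dumps({
    "vc-prod-01": {"version": "8.0.2.00400", "build": "0"},
    "vc-prod-02": {"version": "8.0.2.00100", "build": "0"},
    "vc-dr-01":   {"version": "7.0.3.01800", "build": "0"},
    "vc-legacy":  {"version": "6.7.0.54000", "build": "0"},
    "vc-lab":     {"version": "8.0.0.10100", "build": "0"},
    "vc-broken":  {"version": "n/a", "build": "0"},
})


def parse_version(version):
    """'8.0.2.00100' -> (8, 0, 2, 100). The last component is the patch level
    within an update release, so tuple order matches release order."""
    return tuple(int(part) for part in version.split("."))


def classify(record, baseline):
    """Return 'patched', 'vulnerable', 'eol' or 'unknown' for one host record.

    A host counts as patched only when it is at or above the fix for ITS OWN
    (major, minor, update) line: an 8.0 U1 host is not fixed by the U2 build.
    Lines absent from the baseline (and unparseable versions) come back as
    'unknown' so they are reviewed rather than silently passed."""
    try:
        ver = parse_version(record["version"])
    except (KeyError, ValueError):
        return "unknown"
    if ver[:2] in EOL_LINES:
        return "eol"
    fixed = baseline.get(ver[:3])
    if fixed is None:
        return "unknown"
    return "patched" if ver >= parse_version(fixed) else "vulnerable"


def triage(inventory_json, baseline=EXAMPLE_BASELINE):
    """Group hostnames by status; 'unknown' and 'eol' need human follow-up."""
    hosts = json.loads(inventory_json)
    result = {"patched": [], "vulnerable": [], "eol": [], "unknown": []}
    for name, record in hosts.items():
        result[classify(record, baseline)].append(name)
    for names in result.values():
        names.sort()
    return result


if __name__ == "__main__":
    for status, names in triage(SAMPLE_INVENTORY).items():
        print(f"{status:<10} {', '.join(names) or '-'}")
```

The check deliberately keys the baseline on the full update line rather than on `major.minor`, because each line receives its own fixed build and a host on an older update is neither patched nor comparable to the newer line; it reports such hosts, and anything it cannot parse, as `unknown` rather than guessing.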
VMware has been busy this year patching serious bugs. A month ago it released fixes for four vulnerabilities affecting two of its products, and in early March it fixed four flaws, including two that could have been exploited to execute malicious code.