VMware Horizon Critical Security Updates
VMware has released an urgent update to address the Log4Shell vulnerability in its Horizon product line.
Summary
VMware has released an urgent update to address the Log4Shell vulnerability in its Horizon product line.
The following platforms are also known to be affected:
VMware Horizon Versions
- Horizon Connection Server (64-bit) - Versions: 2006-2111, 7.13.0-7.13.1, 7.10.0-7.10.3
- Horizon Agent (64-bit) - Versions: Only vulnerable if vRealize Operations feature in Horizon desktop agent is installed (Versions 2006, 7.13.0-7.13.1)
- Horizon Agent for 64-bit Linux - Versions: 2006-2111, 7.13.0-7.13.1, 7.10.0-7.10.3
- Horizon Agent for 64-bit Redhat8.x Linux - Versions: 2006-2111, 7.13.0-7.13.1, 7.10.0-7.10.3
- Horizon Linux Agent Direct-Connection (64 bit) - Versions: 2111
- Horizon HTML Access Direct-Connection - Versions: 2006-2111, 7.13.0-7.13.1, 7.10.0-7.10.3
- Horizon Cloud Connector 2.1.1 OVA format - Versions: all supported versions
- vRealize Operations for Horizon Desktop Agent - Version: 6.7.1
Threat details
Introduction
VMware has released a critical update to address the Log4Shell vulnerability affecting VMware Horizon, a platform for running and delivering virtual desktops and apps across the hybrid cloud. An unauthenticated remote attacker could exploit Log4Shell against an affected Horizon product to gain full control of the target system and/or perform a denial of service attack.
VMware Horizon Under Active Exploitation
Log4Shell vulnerabilities within VMware Horizon servers are under active exploitation.
View the following NHS Digital Cyber Alert for more information: CC-4002
The mitigation measures listed in the VMware knowledge base article below should be applied immediately.
NHS Digital response to Log4Shell
This alert is part of NHS Digital's wider response to the Log4Shell remote code execution vulnerability. For more information on Log4Shell itself, please visit our cyber alerts article Log4Shell RCE Vulnerability CC-3989.
Additional VMware systems may be vulnerable and affected organisations should regularly review the VMSA-2021-0028 security advisory: VMware Response to Apache Log4j Remote Code Execution Vulnerability. NHS and social care organisations are invited to use the Cyber Associates Network to find out additional information and participate in discussion about the Log4Shell remote code execution vulnerability and affected VM products.
Remediation advice
Affected organisations should review the VMware Horizon section of the VMware security advisory VMSA-2021-0028 and apply the relevant updates or mitigations immediately.
Definitive source of threat updates
Last edited: 7 January 2022 8:15 am