VMware Releases Security Updates for vCenter Versions 6.7.x and 6.5.x
VMware has released critical updates to address the Log4Shell vulnerability in vCenter Server versions 6.7.x and 6.5.x
Summary
VMware has released critical updates to address the Log4Shell vulnerability in vCenter Server versions 6.7.x and 6.5.x
Affected platforms
The following platforms are known to be affected:
Threat details
VMware vCenter Server alerts
Please note this alert relates to VMware vCenter Server versions 6.7.x and 6.5.x.
VMware vCenter Server Version 7.x is covered in High Severity Cyber Alert CC-4026.
Note: vCenter Server versions 6.0GA - 6.0U3i are not vulnerable.
However, versions 6.0 U3a/b/c/d/e/f were found to contain unused vulnerable jar files. No impact on the product has been observed after removing these jar files. Please refer to the section entitled "vCenter Server 6.0 U3j on Windows" in KB article KB87096.
Introduction
VMware has released critical security updates to address the Log4Shell vulnerabilities in their vCenter Server management software. They claim that an unauthenticated remote attacker could exploit these vulnerabilities to take control of an affected vCenter Server instance.
NHS Digital response to Log4Shell
This alert is part of NHS Digital's wider response to Log4Shell. For more information on Log4Shell itself, please visit our cyber alerts article Log4Shell RCE Vulnerability CC-3989.
NHS and social care organisations are invited to use the Cyber Associates Network to find out additional information and participate in discussion about the Log4Shell remote code execution vulnerability and affected products.
VMware vCenter Products Under Active Exploitation
The Log4Shell vulnerability within VMware vCenter products is being actively targeted and exploited. VMware products have been targeted by advanced persistent threat groups historically.
Remediation advice
Affected organisations are encouraged to review VMware's advisories below and apply the relevant updates immediately.
Remediation steps
| Type | Step |
|---|---|
| Patch |
VMware vCenter Server 6.7 Update 3q Release Notes https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-67u3q-release-notes.html |
| Patch |
VMware vCenter Server 6.5 Update 3s Release Notes https://docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-vcenter-server-65u3s-release-notes.html |
Definitive source of threat updates
- https://digital.nhs.uk/cyber-alerts/2022/cc-4026
- https://www.vmware.com/security/advisories/VMSA-2021-0028.html
- https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-67u3q-release-notes.html
- https://docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-vcenter-server-65u3s-release-notes.html
- https://kb.vmware.com/s/article/87096
CVE Vulnerabilities
Last edited: 9 February 2022 10:00 am