Luna, Black Basta add to rapidly growing list of malware tools targeted at virtual machines deployed on VMware's bare-metal hypervisor technology.

The latest confirmations of the growing attacker interest in VMware ESXi environments are two ransomware variants that surfaced in recent weeks and have begun hitting targets worldwide.

One of the malware tools, dubbed Luna, is written in Rust and can encrypt data on ESXi virtual machines (VMs) in addition to data on Linux and Window systems. The other is Black Basta, a rapidly proliferating ransomware variant written in C++ that, like Luna, targets ESXi VMs and also works on Windows and Linux systems as well.

They add to a collection of ransomware variants aimed at ESXi, VMware's bare-metal hypervisor for running virtual machines. Numerous organizations use the technology to deploy multiple VMs on a single host system or across a cluster of host systems, making the environment an ideal target for attackers looking to cause widespread damage.

"Infrastructure services like networking equipment and hosting infrastructure like ESXi can't easily be patched on demand," says Tim McGuffin, director of adversarial engineering at Lares Consulting. "Attacking these services provides a one-stop shop for impact since a large number of servers can be encrypted or attacked at once."

Other recent examples of malware targeting ESXi environments include Cheerscrypt, LockBit, RansomEXX, and Hive.

**The Cross-Platform Ransomware Threat**

Researchers from Kaspersky first spotted Luna in the wild last month. Their analysis shows the malware to fall into the trend of several other recent variants that are written in platform-agnostic languages like Rust and Golang, so they can be easily ported across different operating systems. The researchers also found the malware to employ a somewhat rare combination of AES and x25519 cryptographic protocols to encrypt data on victim systems. The security vendor assessed the operator of the malware to be likely based in Russia.

Kaspersky's analysis of a recent version of Black Basta — a ransomware variant it has been tracking since February — shows the malware has been tweaked so it can now encrypt specific directories, or the entire “/vmfs/volumes” folder, on ESXi VMs. The malware uses the ChaCha20 256-bit cipher to encrypt files on victim systems. It also uses multithreading to speed up the encryption process by getting all processors on the infected systems to work at the same time on the task.

Since surfacing in February, the operators of Black Basta have managed to compromise at least 40 organizations worldwide. Victims include organizations in the manufacturing and electronics sectors in the US and multiple other countries. Available telemetry suggests the threat actor could soon chalk up other hits across Europe, United States, and Asia, according to Kaspersky.

**A Target for Inflicting Wide Damage**

The proliferation of ransomware targeting ESXi systems poses a major threat to organizations using the technology, security experts have noted. An attacker that gains access to an EXSi host system can infect all virtual machines running on it and the host itself. If the host is part of a larger cluster with shared storage volumes, an attacker can infect all VMs in the cluster as well, causing widespread damage.

"If a VMware guest server is encrypted at the operating system level, recovery from VMware backups or snapshots can be fairly easy," McGuffin says. '\[But\] if the VMware server itself is used to encrypt the guests, those backups and snapshots are likely encrypted as well." Recovering from such an attack would require first recovering the infrastructure and then the virtual machines. "Organizations should consider truly offline storage for backups where they will be unavailable for attackers to encrypt," McGuffin adds.

Vulnerabilities are another factor that is likely fueling attacker interest in ESXi. VMware has disclosed multiple vulnerabilities in recent months. In February, for instance, the company disclosed five flaws — including important and critical ones — that affected ESXi (CVE-2021-22040, CVE-2021-22041, CVE-2021-22042, CVE-2021-22043, and CVE-2021-22050). The same month, VMware announced a heap overflow vulnerability in the technology (CVE-2021-22045), and there have been multiple other moderate to low severity flaws the company has disclosed over the past year or so, including a critical remote code execution flaw.

"In recent months, VMware ESXi had several notable vulnerability disclosures and patches, which might be why attackers have an increased interest in targeting those environments," says Joseph Carson, chief security scientist and advisory CISO at Delinea. Most of these virtual environments tend to have a strong backup and snapshot strategy. However, attackers can cause a significant impact if they can also deploy ransomware on the backup systems as well, he says.

Carson advocates that organizations running VMware conduct risk assessments and consistently check for known vulnerabilities and misconfigurations to ensure they are patched and configured correctly. They also need to ensure that Internet-facing systems have strong access controls in place to ensure only authorized employees have access to those systems.

Matthew Warner, chief technology officer and co-founder at Blumira, points to the Log4j vulnerability as another likely reason for the mushrooming attacker interest in ESXi environments. "VMware has an incredibly wide range of solutions that utilized Log4i and were impacted by this vulnerability," he says. VMware itself acted quickly to provide mitigation guidance. But it's likely that many ignored the mitigation advice and are now targets of ransomware purveyors, he says.

"There is almost never a situation where VMware Horizon should be Internet-facing," Warner says. "It opens up untold amounts of risk to the infrastructure." Blumira has run into several instances where VMware Horizon servers were exposed due to access control issues on the firewalls, not to purposeful exposure. "This serves as a good reminder that your DMZ and Internet exposure must be monitored on an ongoing basis within your environment," he advocates.

Snowballing Ransomware Variants Highlight Growing Threat to VMware ESXi Environments

Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise.

*   Forge
*   Documentation
*   Get Support
*   Education
*   Events
*   Shop

BlogContact Sales

Try Puppet 

*   Why Puppet
*   Products
*   Services
*   Open Source
*   Resources
*   Partners
*   About Puppet by Perforce

*   Why Puppet
*   Products
*   Services
*   Open Source
*   Resources
*   Partners
*   About Puppet by Perforce
*   
*   Forge
*   Documentation
*   Get Support
*   Education
*   Events
*   Shop

Search Puppet.com

Puppet is the industry standard for IT automation.

Modernize, manage and bring your hybrid infrastructure into compliance through Puppet's powerful continuous automation.

*   Why Puppet 
*   Try Puppet 

**Guidebook**

*   What is Configuration Management
*   What is IT Compliance
*   What is IT Automation

**Use Cases**

*   Application delivery & operations
*   Continuous configuration automation
*   Continuous compliance
*   Continuous delivery
*   Patch management
*   Puppet for government
*   Operations tasks & orchestration
*   Windows infrastructure automation

**Get Puppet Enterprise**

First 10 nodes are free!

*   Try it now 
*   Request a demo 

**Products**

*   Puppet Enterprise
*   Continuous Delivery for Puppet Enterprise
*   Puppet Comply
*   Puppet Relay

**Pricing & Packaging**

*   Pricing
*   Support services plans
*   Professional services

**Integrations**

*   Amazon Web Services
*   Google Cloud Platform
*   Hashicorp
*   PowerShell DSC
*   Windows Azure
*   ServiceNow
*   Splunk
*   VMware
*   All integrations

**Puppet Education**

Puppet Education is your learning portal for tools and best practices to address common business challenges.

*   Puppet Education 

**Professional services**

*   Start automating
*   Accelerate delivery
*   Integrate your toolchain
*   Harden infrastructure
*   Partner for success
*   Scale DevOps
*   All professional services

**Support**

*   Puppet support
*   Technical support packages
*   Technical account management

**Custom consulting services**

Get up and running quickly with a custom solution that addresses your unique business goals and easily allows for growth as your needs evolve.

*   Learn more 

**Puppet Forge**

Find thousands of component modules built by the community and guidance on using them in your own infrastructure.

*   Visit Puppet Forge 

**Ecosystem**

*   Puppet developer experience
*   Trusted contributors
*   GitHub
*   Vox Pupuli

**Open Source Projects**

*   Open source Puppet
*   Bolt
*   All open source projects
*   Compare our enterprise products

**Community**

*   Community
*   Puppet Champions
*   Puppet Test Pilots
*   Community calendar
*   Community Slack
*   Pulling the Strings Podcast
*   Puppet and Perforce Community FAQ

**Contribute**

*   Contribute written content
*   Contribute to open source projects
*   Puppet Idea Portal

**State of DevOps Report**

Since launching our first DevOps survey in 2012, we’ve learned a lot about the power of DevOps to transform organizations.

*   State of DevOps retrospective
*   Scaling DevOps

*   Get the 2021 State of DevOps Report 

**Product Documentation**

*   Puppet Enterprise
*   Continuous Delivery for Puppet Enterprise
*   Puppet Comply
*   Puppet Remediate
*   All documentation

**Resource library**

*   Blog
*   Ebooks
*   Reports
*   Solution briefs
*   Videos
*   Webinars
*   White papers

**Customers**

*   Our customers
*   Customer videos
*   Customer stories

**Partners**

*   Technology partners
*   Channel partners
*   Solution providers
*   Become a partner
*   Partner Portal login

**Featured Partners**

**About Us**

Puppet automates your infrastructure so you can innovate. We find, fix, and predict in order to prevent surprises and maintain your desired state.

**Puppet by Perforce**

*   Mission
*   Leadership
*   Diversity, equity & inclusion
*   Contact us

**Working at Puppet by Perforce**

*   Careers
*   Open positions

**Press & news**

*   Press room
*   Press releases
*   News mentions

**Events**

It's our community that makes Puppet great. Connect with Puppet users and employees.

*   Watch On Demand: Puppetize Digital 2021
*   All events

*   **Posted 2022-07-15**
*   **Assessed Risk Level: Medium**
*   **CVSS 3.1 Base Score: 4.1**

Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise.

*   https://github.com/puppetlabs/bolt/blob/main/CHANGELOG.md#bolt-3240-2022-06-29

**Status:**

**Affected software versions:**

*   Puppet Bolt prior to 3.24.0

**Resolved in:**

*   Puppet Bolt 3.24.0

CVE-2022-2394: CVE-2022-2394 - Puppet Bolt

Researchers have disclosed details about a security vulnerability in the Netwrix Auditor application that, if successfully exploited, could lead to arbitrary code execution on affected devices. 
"Since this service is typically executed with extensive privileges in an Active Directory environment, the attacker would likely be able to compromise the Active Directory domain," Bishop Fox said in an

Researchers have disclosed details about a security vulnerability in the Netwrix Auditor application that, if successfully exploited, could lead to arbitrary code execution on affected devices.

"Since this service is typically executed with extensive privileges in an Active Directory environment, the attacker would likely be able to compromise the Active Directory domain," Bishop Fox said in an advisory published this week.

Auditor is an auditing and visibility platform that enables organizations to have a consolidated view of their IT environments, including Active Directory, Exchange, file servers, SharePoint, VMware, and other systems—all from a single console.

Netwrix, the company behind the software, claims more than 11,500 customers across over 100 countries, such as Airbus, Virgin, King's College Hospital, and Credissimo, among others.

The flaw, which impacts all supported versions prior to 10.5, has been described as an insecure object deserialization, which occurs when untrusted user-controllable data is parsed to inflict remote code execution attacks.

The root cause of the bug is an unsecured .NET remoting service that's accessible on TCP port 9004 on the Netwrix server, enabling an actor to execute arbitrary commands on the server.

"Since the command was executed with NT AUTHORITY\\SYSTEM privileges, exploiting this issue would allow an attacker to fully compromise the Netwrix server," Bishop Fox's Jordan Parkin said.

Organizations relying on Auditor are recommended to update the software to the latest version, 10.5, released on June 6, to thwart any potential risks.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

New Netwrix Auditor Bug Could Let Attackers Compromise Active Directory Domain

The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.

Advisory ID: VMSA-2022-0018

CVSSv3 Range: 5.3

Issue Date: 2022-07-12

Updated On: 2022-07-12 (Initial Advisory)

CVE(s): CVE-2022-22982

Synopsis: VMware vCenter Server updates address a server-side request forgery vulnerability (CVE-2022-22982)

Share this page on social media

Sign up for Security Advisories

****1\. Impacted Products****

*   VMware vCenter Server (vCenter Server)  
    
*   VMware Cloud Foundation (Cloud Foundation)  
    

****2\. Introduction****

A server-side request forgery (SSRF) vulnerability in VMware vCenter Server was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.

****3\. vCenter Server SSRF vulnerability (CVE-2022-22982)****

The vCenter Server contains a server-side request forgery (SSRF) vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.

To remediate CVE-2022-22982 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.  

VMware would like to thank pwnull for reporting this issue to us.  

Product

Version

Running On

CVE Identifier

CVSSv3

Severity

Fixed Version

Workarounds

Additional Documentation

vCenter Server

7.0

Any

CVE-2022-22982

5.3

moderate

7.0 U3f

None

None

vCenter Server

6.7

Any

CVE-2022-22982

5.3

moderate

6.7 U3r

None

None

vCenter Server

6.5

Any

CVE-2022-22982

5.3

moderate

6.5 U3t

None

None

**Impacted Product Suites that Deploy Response Matrix Components:**

Product

Version

Running On

CVE Identifier

CVSSv3

Severity

Fixed Version

Workarounds

Additional Documentation

Cloud Foundation (vCenter Server)

4.x

Any

CVE-2022-22982

5.3

moderate

KB88287

None

None

Cloud Foundation (vCenter Server)

3.x

Any

CVE-2022-22982

5.3

moderate

Patch Pending

None

None

****4\. References****

****5\. Change Log****

**2022-07-12 VMSA-2022-0018  
**Initial security advisory.

****6\. Contact****

CVE-2022-22982: VMSA-2022-0018

July's Patch Tuesday gives us a lot of important security updates. Most prominently, a known to be exploited vulnerability in Windows CSRSS.
The post Update now—July Patch Tuesday patches include fix for exploited zero-day appeared first on Malwarebytes Labs.

It’s time to triage a lot of patching again. Microsoft’s July Patch Tuesday includes an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS). This vulnerability immediately made it to the Cybersecurity & Infrastructure Security Agency (CISA) list of known to be exploited in the wild list that are due for patching by August 2, 2022.

**Microsoft**

In total the Microsoft updates include fixes for 84 vulnerabilities. Four of these vulnerabilities are labelled as “Critical” since they are remote code execution (RCE) vulnerabilities.

Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). These are the CVEs that ware assigned to the four Critical vulnerabilities:

CVE-2022-22029: Windows Network File System (NFS) RCE vulnerability. This vulnerability is not exploitable in NFSV4.1. Prior to updating your version of Windows that protects against this vulnerability, you can mitigate an attack by disabling NFSV3, but this may adversely affect your ecosystem and should only be used as a temporary mitigation.

CVE-2022-22039: Another Windows Network File System (NFS) RCE vulnerability. It’s possible to exploit this vulnerability over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger an RCE.

CVE-2022-22038: Remote Procedure Call Runtime RCE vulnerability. Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.

CVE-2022-30221: Windows Graphics Component RCE vulnerability. An attacker would have to convince a targeted user to connect to a malicious RDP server. On connecting, the malicious server could execute code on the victim’s system in the context of the targeted user.

**Azure Site Recovery**

A huge part of the patches consist of 32 vulnerabilities in the Azure Site Recovery suite that could have allowed attackers to gain elevated privileges or perform remote code execution. Azure Site Recovery is an integrated disaster recovery service for Azure that helps ensure business continuity by keeping business apps and workloads running during outages.

According to Microsoft, SQL injection vulnerabilities caused most of the privilege escalation bugs in Azure Site Recovery.

**CVE-2022-22047**

The vulnerability that is known to be exploited in the wild is an elevation of privilege (EoP) vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

This type of vulnerability usually comes into play once an attacker has gained an initial foothold. They can then use this vulnerability to gain more permissions and expand their access to the compromised system.

The vulnerability is described as a Windows CSRSS Elevation of Privilege vulnerability. CSRSS is the Windows component that provides the user mode side of the Win32 subsystem. CSRSS is critical for a system’s operation and is mainly responsible for Win32 console handling and GUI shutdown.

This type of vulnerability are often chained together with others in macros, which makes the decision to roll back Office Macro blocking incomprehensible, even if it is only temporary.

**Other vendors**

Other vendors have synchronized their periodic updates with Microsoft. Here are few major ones that you may find in your environment.

Adobe released security updates for Acrobat, Character Animator, Photoshop,  Reader, and RoboHelp.

Cisco released critical updates for Cisco Expressway Series, Cisco TelePresence Video Communication Server, Cisco Email Security Appliance, Cisco Secure Email and Web Manager, Cisco Small Business RV110W, RV130, RV130W, and RV215W routers, and several other security updates.

Citrix released hotfixes to address a problem that may affect Citrix Hypervisor and Citrix XenServer under some circumstances.

Google released Android’s July security updates including 3 labelled as “Critical”.

SAP released its July 2022 Patch Day bulletin with 20 new Security Notes.

VMWare released security updates.

Stay safe, everyone!

Update now—July Patch Tuesday patches include fix for exploited zero-day

Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, counting a zero-day vulnerability that's under active attack in the wild.
Of the 84 shortcomings, four are rated Critical, and 80 are rated Important in severity. Also separately resolved by the tech giant are two other bugs in the Chromium-based Edge browser, one

Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, counting a zero-day vulnerability that's under active attack in the wild.

Of the 84 shortcomings, four are rated Critical, and 80 are rated Important in severity. Also separately resolved by the tech giant are two other bugs in the Chromium-based Edge browser, one of which plugs another zero-day flaw that Google disclosed as being actively exploited in real-world attacks.

Top of the list of this month's updates is CVE-2022-22047 (CVSS score: 7.8), a case of privilege escalation in the Windows Client Server Runtime Subsystem (CSRSS) that could be abused by an attacker to gain SYSTEM permissions.

"With this level of access, the attackers are able to disable local services such as Endpoint Detection and Security tools," Kev Breen, director of cyber threat research at Immersive Labs, told The Hacker News. "With SYSTEM access they can also deploy tools like Mimikatz which can be used to recover even more admin and domain level accounts, spreading the threat quickly."

Very little is known about the nature and scale of the attacks other than an "Exploitation Detected" assessment from Microsoft. The company's Threat Intelligence Center (MSTIC) and Security Response Center (MSRC) have been credited with reporting the flaw.

Besides CVE-2022-22047, two more elevation of privilege flaws have been fixed in the same component — CVE-2022-22026 (CVSS score: 8.8) and CVE-2022-22049 (CVSS score: 7.8) — that were reported by Google Project Zero researcher Sergei Glazunov.

"A locally authenticated attacker could send specially crafted data to the local CSRSS service to elevate their privileges from AppContainer to SYSTEM," Microsoft said in an advisory for CVE-2022-22026.

"Because the AppContainer environment is considered a defensible security boundary, any process that is able to bypass the boundary is considered a change in Scope. The attacker could then execute code or access resources at a higher integrity level than that of the AppContainer execution environment."

Also remediated by Microsoft include a number of remote code execution bugs in Windows Network File System (CVE-2022-22029 and CVE-2022-22039), Windows Graphics (CVE-2022-30221), Remote Procedure Call Runtime (CVE-2022-22038), and Windows Shell (CVE-2022-30222).

The update further stands out for patching as many as 32 issues in the Azure Site Recovery disaster recovery service. Two of these flaws are related to remote code execution and the remaining 30 concern privilege escalation.

"Successful exploitation \[...\] requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server," the company said, adding the flaws do not "allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable."

On top of that, Microsoft's July update also contains fixes for four privilege escalation vulnerabilities in the Windows Print Spooler module (CVE-2022-22022, CVE-2022-22041, CVE-2022-30206, and CVE-2022-30226) after a brief respite in June 2022, underscoring what appears to be a never-ending stream of flaws plaguing the technology.

Rounding off the Patch Tuesday updates are two notable fixes for tampering vulnerabilities in the Windows Server Service (CVE-2022-30216) and Microsoft Defender for Endpoint (CVE-2022-33637) and three denial-of-service (DoS) flaws in Internet Information Services (CVE-2022-22025 and CVE-2022-22040) and Security Account Manager (CVE-2022-30208).

**Software Patches from Other Vendors**

In addition to Microsoft, security updates have also been released by other vendors since the start of the month to rectify several vulnerabilities, including —

*   Adobe
*   AMD
*   Android
*   Apache Projects
*   Cisco
*   Citrix
*   Dell
*   Fortinet
*   GitLab
*   Google Chrome
*   HP
*   Intel
*   Lenovo
*   Linux distributions Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu
*   MediaTek
*   Qualcomm
*   SAP
*   Schneider Electric
*   Siemens, and
*   VMware

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Microsoft Releases Fix for Zero-Day Flaw in July 2022 Security Patch Rollout

VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.

Advisory ID: VMSA-2022-0019

CVSSv3 Range: 3.9

Issue Date: 2022-07-12

Updated On: 2022-07-12 (Initial Advisory)

CVE(s): CVE-2022-31654, CVE-2022-31655

Synopsis: VMware vRealize Log Insight contains multiple stored cross-site scripting vulnerabilities

Share this page on social media

Sign up for Security Advisories

****1\. Impacted Products****

*   VMware vRealize Log Insight

****2\. Introduction****

Multiple cross-site scripting vulnerabilities in vRealize Log Insight were privately reported to VMware. Patches are available to remediate these vulnerabilities in affected VMware products. 

****3\. VMware vRealize Log Insight updates address multiple Cross Site Scripting (XSS) vulnerabilities (CVE-2022-31654, CVE-2022-31655)****

VMware vRealize Log Insight contains multiple stored cross-site scripting (XSS) vulnerabilities. VMware has evaluated the severity of these issues to be in the Low severity range with a maximum CVSSv3 base score of 3.9.

A malicious actor with admin privileges may be able to inject malicious code into alerts and configurations due to improper input sanitization. 

To remediate CVE-2022-31654 and CVE-2022-31655, apply the patches listed in the 'Fixed Version' column of the 'Resolution Matrix' found below.

VMware would like to thank Subramanian S for reporting this issue to us.

Product

Version

Running On

CVE Identifier

CVSSv3

Severity

Fixed Version

Workarounds

Additional Documentation

VMware vRealize Log Insight

8.x

Any

CVE-2022-31654, CVE-2022-31655

3.9

low

8.8.2

None

None

****4\. References****

****5\. Change Log****

**2022-07-12: VMSA-2022-0019  
**Initial security advisory.

****6\. Contact****

CVE-2022-31655: VMSA-2022-0019

VMware Security Advisory 2022-0025.2 - VMware vCenter Server updates address a privilege escalation vulnerability.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256VMSA-2021-0025.2 - VMware vCenter Server updates address a privilegeescalation vulnerability (CVE-2021-22048)Please see the updated advisory here:https://www.vmware.com/security/advisories/VMSA-2021-0025.htmlChangelog:2022-07-12 VMSA-2021-0025.2Added fixed version of vCenter Server 7.0 in the Response Matrix.You are receiving this alert because you are subscribed to the VMwareSecurity Announcements mailing list. To modify your subscription orunsubscribe please visithttps://lists.vmware.com/mailman/listinfo/security-announce-----BEGIN PGP SIGNATURE-----Version: Encryption Desktop 10.4.2 (Build 1298)Charset: utf-8wlcDBQFizaTKkn/yQ99+VXERCMMrAP9wfQ17yKLa0i2ak5mNIaYBY7E2/loPhYGa4ia2SInBsAD/UFUGamgdbuSEqZN0snicBLxrW3XsXUoqdaonZtuivZs==c+A+-----END PGP SIGNATURE-----

VMware Security Advisory 2022-0025.2

VMware Security Advisory 2022-0020 - VMware ESXi addresses return-stack-buffer-underflow and branch type confusion vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256VMSA-2022-0020 - VMware ESXi addresses Return-Stack-Buffer-Underflow and Branch Type Confusion vulnerabilitiesPlease see the advisory here: https://www.vmware.com/security/advisories/VMSA-2022-0020.htmlImpacted Products:VMware ESXiVMware Cloud FoundationYou are receiving this alert because you are subscribed to the VMware Security Announcements mailing list. To modify your subscription or unsubscribe please visit https://lists.vmware.com/mailman/listinfo/security-announce.-----BEGIN PGP SIGNATURE-----iHUEAREIAB0WIQQ950nPZL1VtgrpULuSf/JD335VcQUCYs1ybgAKCRCSf/JD335VcemBAQCtSJUfnQDsdavFHtgVgxs6iiL5nTL8s1OOW3R9e/GLsgEAwYlWEECwpVCt4hNcGklmHBtwMHldVc4Cmq7XEaRK+bk==Ckt0-----END PGP SIGNATURE-----

VMware Security Advisory 2022-0020

VMware Security Advisory 2022-0018 - VMware vCenter Server updates address a server-side request forgery vulnerability.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256VMSA-2022-0018 - VMware vCenter Server updates address a server-siderequest forgery vulnerability (CVE-2022-22982)Please see the advisory here:https://www.vmware.com/security/advisories/VMSA-2022-0018.htmlImpacted Products:VMware vCenter Server (vCenter Server)VMware Cloud Foundation (Cloud Foundation)You are receiving this alert because you are subscribed to the VMwareSecurity Announcements mailing list. To modify your subscription orunsubscribe please visithttps://lists.vmware.com/mailman/listinfo/security-announce.-----BEGIN PGP SIGNATURE-----Version: Encryption Desktop 10.4.2 (Build 1298)Charset: utf-8wlcDBQFizaSpkn/yQ99+VXERCLs9AP46BD/HVnf+SOGAK/4PEO8CFvxURiIrNSwWsP8lrPMKgAEA7X2klsu/HlQSLtfuqXy26uv3HRIqLfti5mmtuKT60KM==rvrI-----END PGP SIGNATURE-----

Tag

#vmware