VMware recently announced that its vCenter Server has a critical bug that needs to be patched immediately. The vulnerability (CVE-2021-21985 & CVE-2021-21986) has a rating of High, and VMware is asking customers to give it immediate attention. The company has already released a patch for the security hole, which an attacker with network access to vCenter Server over port 443 could exploit.
The patch does two things: it fixes the remote code execution flaw, and it improves the Server Plugin Framework to strengthen plugin authentication. VMware advised that if you can't patch immediately, you should stop using vSAN. There are other critical advisories that you can find in their news release here.
What should I be doing?
If you are on the technology team, then you probably already know what to do. If you are in Vendor Management / Sourcing, then you should get in touch with your TAO and Cyber Security team to provide any contractual support they might need. Keep your VMware contract ready, and get comfortable with the language on Disaster Recovery and Privacy clauses, review any unaddressed findings from the previous external audit, update the escalation matrix, and prepare anything else they might need. Ask other vendors who might be affected what they are doing to fix it and what their target date is for patching their vCenter Servers.