VMware reveals 27-patch Heartbleed fix plan

  • 15 April 2014

Userlevel 7
Go buy your vSysadmins a big choccy egg: their Easter is in peril

VMware has confirmed that 27 of its products need patches for the Heartbleed bug.

The bad news is that Virtzilla says it “expects to have updated products and patches for all affected products … by April 19th.”
 
Full Article

5 replies

Userlevel 7
Thanks Jasper!
 
Regards,
 
Mike
Userlevel 7
Hi Jasper, Nice to know things are getting patched!! This Heartbleed is a lot to handle and having to change passwords is easier than patching.
 
Anyways, 
 
Sherry
Userlevel 7
The following is an update on VMware patches
 

VMware Patches ESXi Against OpenSSL Flaw, But Many Other Products Still Vulnerable
by Dennis Fisher / June 12, 2014
 
While the group of vulnerabilities that the OpenSSL Project patched last week hasn’t grown into the kind of mess that the Heartbleed flaw did, the vulnerabilities still affect a huge range of products. Vendors are still making their way through the patching process, and VMware has released an advisory confirming that a long list of its products are vulnerable to the latest OpenSSL bugs. The company said in the advisory that there is only a patch available for one of its products right now, ESXi 5.5. VMware sells a huge line of products that includes both clients and servers, which makes the patching process for the most serious of the recent OpenSSL vulnerabilities even more onerous. The critical vulnerability in this group is CVE-2014-0224, a flaw that could enable an attacker to intercept and decrypt traffic between vulnerable clients and a vulnerable server. Both the client and server must be running flawed versions of the software in order for the attack to succeed.
 
Threatpost / full read here / http://threatpost.com/vmware-patches-esxi-against-openssl-flaw-but-many-other-products-still-vulnerable/106605
Userlevel 7
Wow, still no update for my VMware Workstation 10.0.2 (patch pending). Good thing I have WSA to cover my back and installed on my VMs!
 
Daniel ;)
 


 

Userlevel 7
The following is another update on Heartbleed fixes
Comment: Organisations are falling behind on securing their installations
 
By Eduard Kovacs on July 25, 2014
 
VMware released a series of updates to address the OpenSSL vulnerability known as Heartbleed in its products in April, but many organizations still haven't secured their installations, virtualization management firm CloudPhysics reported on Monday.
Based on machine metadata collected from virtualized datacenters, CloudPhysics determined that 57% of VMware vCenter servers and 58% of VMware ESXi hypervisor hosts are still vulnerable to Heartbleed attacks.
"This is a remarkably high percentage given that ESX run the majority of business critical VMs in the world. I speculate that IT teams are more lax about patching ESXi since those machines are typically behind the firewall and not easy to reach from the outside world," Irfan Ahmad, CTO and co-founder of CloudPhysics, wrote in a blog post.
 
SecurityWeek / full read here / http://www.securityweek.com/organizations-slow-patching-heartbleed-vmware-deployments-report
