News & Blog

VMware Releases Patch to Address Zero-Day Vulnerability 

News & Blog

VMware

 

Chris White, Senior Data Center Engineer
Advanced Logic Industries

Recently, a sensitive information disclosure vulnerability in the VMware Directory Service (vmdir) was privately reported to VMware. In response to this zero-day vulnerability, VMware released a patch for vCenter 6.7. The patch addresses a vulnerability in the single sign-on functionality of the Platform Services Controller (PSC) portion of vCenter.

It has been evaluated that the severity of this issue falls within the Critical severity range with a maximum CVSSv3 base score of 10.0. This is due to the fact that a malicious actor with network access to an affected vdmir deployment can disclose highly sensitive information. Which, in turn, could be used to compromise vCenter Server or other services that are dependent upon vmdir for authentication.

You can learn more about this latest Security Advisory here.

Need Help?  

For our managed IT clients, we are already implementing patches and coordinating with those IT teams. If you need help  either assessing applicability for your VMware implementation or providing patching support, we’re available to help.

Request Support

Get Immediate Updates

Want to be the first to know when we post content like this on our blog?  Hit the green “Follow” button with the email icon below to opt in to our blog feed and you’ll get updates via email as soon as they go live here.

 

Connect, share & learn more:
onpost_follow
Tweet
Share

Leave a Reply

Your email address will not be published. Required fields are marked *

More Resources

Upcoming event details

Register Here

Check out this great download

Download

close

Enjoy this blog? Share with a colleague!