What Experts Say On the VMware ESXi Vulnerabilities Used To Encrypt Virtual Hard Disks

A criminal group deploying the RansomExx ransomware is actively exploiting vulnerabilities in VMware ESXi to encrypt victims' virtual hard drives. Several security practitioners commented on these vulnerabilities below.

Expert Comments

February 03, 2021
Stephen Kapp
CTO and Founder
Cortex Insight

The targeting of enterprise infrastructure by ransomware is a good example of why it is important to carry out updates and patching for all elements within the enterprise. A significant level of effort is put into updating and patching your normal Desktop and Server operating systems, but the underlying systems for virtualisation that support these are often overlooked.

February 03, 2021
Natalie Page
Cyber Threat Intelligence Analyst
Talion

Due to its global prevalence, VMware is a lucrative platform for attackers to target. Luckily, the recommendations in this instance are pretty straightforward: users of VMware ESXi should prioritise implementing patches for both CVE-2019-5544 and CVE-2020-3992, or disable SLP support to prevent attacks if the protocol isn't needed.
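The "disable SLP if it isn't needed" workaround mentioned above, as an added audit script that is not part of the original commentary or of VMware's own tooling: it checks whether the CIMSLP firewall ruleset is enabled and whether anything is listening on port 427, and emits the vendor-documented commands to stop and disable slpd. It assumes it runs in the ESXi shell where esxcli, chkconfig and /etc/init.d/slpd exist; the sample outputs embedded below are constructed, not captured from a real host.

```shell
#!/bin/sh
# Audit an ESXi host for exposed OpenSLP (port 427) and print the workaround:
# stop slpd, block the CIMSLP firewall ruleset, keep slpd off across reboots.
# Assumes esxcli, chkconfig and /etc/init.d/slpd (ESXi shell); DRY_RUN=1 prints only.

# Reads `esxcli network firewall ruleset list` on stdin; prints the CIMSLP
# ruleset's Enabled value (true/false) or "absent" if the ruleset is not listed.
cimslp_enabled() {
    awk '$1 == "CIMSLP" { print tolower($2); found = 1 }
         END { if (!found) print "absent" }'
}

# Reads `esxcli network ip connection list` on stdin and prints every socket
# whose local address (column 4) is bound to port 427, tcp or udp.
slp_listeners() {
    awk '$4 ~ /:427$/'
}

# Vendor-documented workaround commands; DRY_RUN=1 (default) prints, 0 executes.
slp_workaround() {
    for cmd in "/etc/init.d/slpd stop" \
               "esxcli network firewall ruleset set -r CIMSLP -e 0" \
               "chkconfig slpd off"; do
        if [ "${DRY_RUN:-1}" = "1" ]; then echo "$cmd"; else $cmd; fi
    done
}

# Returns 0 when SLP is closed off (CIMSLP not enabled and no 427 socket), else 1.
slp_exposure_status() {  # $1: ruleset list text, $2: connection list text
    state=$(printf '%s\n' "$1" | cimslp_enabled)
    listeners=$(printf '%s\n' "$2" | slp_listeners)
    [ "$state" != "true" ] && [ -z "$listeners" ]
}

# Constructed sample esxcli output (not from a real host), used off-ESXi.
SAMPLE_RULESETS='Name      Enabled
--------  -------
sshServer true
CIMSLP    true'
SAMPLE_CONNS='Proto Recv Q Send Q Local Address Foreign Address State  World ID
tcp   0      0      0.0.0.0:427   0.0.0.0:0       LISTEN 12345
tcp   0      0      0.0.0.0:22    0.0.0.0:0       LISTEN 12346'

if command -v esxcli >/dev/null 2>&1; then
    rulesets=$(esxcli network firewall ruleset list)
    conns=$(esxcli network ip connection list)
else
    rulesets=$SAMPLE_RULESETS; conns=$SAMPLE_CONNS
fi
if slp_exposure_status "$rulesets" "$conns"; then
    echo "SLP already disabled and not listening on 427"
else
    echo "SLP exposed; workaround commands:"; slp_workaround
fi
```

On a patched host the script is still a useful inventory check, since the ruleset and listener state tell you whether the workaround remains in place after upgrades.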

February 03, 2021
Boris Cipot
Senior Sales Engineer
Synopsys


If an attacker is in the network and able to access port 427, they are likely to have already exploited the vulnerability, as the RansomExx group has shown. Organisations should not assume that this is just a ‘possibility’. The vulnerabilities CVE-2019-5544 and CVE-2020-3992 are present in the OpenSLP (Service Location Protocol) component and can be misused by an attacker to achieve remote code execution.

These vulnerabilities are critical and should not be taken lightly. Organisations using software that has been identified as vulnerable should apply the available patches immediately.
