What Expert Says On VMWare ESXi Vulnerability To Encrypt Virtual Hard Disks

By   ISBuzz Team
Writer , Information Security Buzz | Feb 03, 2021 08:19 am PST

A criminal group deploying the RansomExx ransomware is actively exploiting vulnerabilities in VMWare ESXi to encrypt victims' virtual hard disks. Security experts commented below on these vulnerabilities.

Stephen Kapp, CTO and Founder
February 3, 2021 4:31 pm

The targeting of enterprise infrastructure by ransomware is a good example of why it is important to carry out updates and patching for all elements within the enterprise. A significant level of effort is put into updating and patching your normal desktop and server operating systems, but the underlying systems for virtualisation that support these are often overlooked.

Natalie Page, Cyber Threat Intelligence Analyst
February 3, 2021 4:29 pm

Due to its global prevalence, VMWare is a lucrative platform for attackers to target. Luckily, the recommendations in this instance are pretty straightforward: users of VMWare ESXi should prioritise implementing patches for both CVE-2019-5544 and CVE-2020-3992, or disable SLP support to prevent attacks if the protocol isn't needed.

Boris Cipot, Senior Sales Engineer
February 3, 2021 4:21 pm

If an attacker is in the network and able to access port 427, they are likely to have already exploited the vulnerability, as the RansomExx group has shown. Organisations should not assume that this is just a 'possibility'. The vulnerabilities CVE-2019-5544 and CVE-2020-3992 are present in the OpenSLP (Service Location Protocol) component and can be misused by the attacker to achieve remote code execution.

These vulnerabilities are critical and should not be taken lightly. Organisations using software that has been identified as vulnerable should apply the available patches immediately.

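Both Natalie Page's and Boris Cipot's comments above come down to the same practical check: is OpenSLP (port 427) still reachable on the host, and if it is not needed, is it switched off persistently? The script below is an added example written for this page; it is not code from the page, its commenters, or VMware. The three remediation commands (stop slpd, disable the CIMSLP firewall ruleset, mark slpd off at boot) follow VMware's published guidance for disabling SLP on ESXi. The column layouts the parser expects from `esxcli network firewall ruleset list` and `chkconfig --list`, and the sample output it falls back to when run off an ESXi host, are assumed and constructed here.

```shell
#!/bin/sh
# Added example (not from the page, its commenters, or VMware): audit whether an
# ESXi host still exposes OpenSLP on port 427 and, only when asked with --fix,
# switch it off persistently. The remediation commands follow VMware's published
# SLP-disable guidance; the output layouts parsed below are assumed.

# Constructed sample of `esxcli network firewall ruleset list` output (assumed layout).
SAMPLE_RULESET='Name                  Enabled
--------------------  -------
sshServer             true
CIMHttpServer         true
CIMSLP                true
DHCPv6                false'

# Constructed sample of `chkconfig --list` output (assumed layout).
SAMPLE_CHKCONFIG='hostd            on
slpd             on
sfcbd-watchdog   on'

# cimslp_state RULESET_TEXT -> prints enabled | disabled | absent
# "enabled" means the ESXi firewall still lets SLP traffic (427/tcp+udp) through.
cimslp_state() {
    printf '%s\n' "$1" | awk '
        $1 == "CIMSLP" { found = 1; if ($2 == "true") print "enabled"; else print "disabled" }
        END { if (!found) print "absent" }'
}

# slpd_boot_state CHKCONFIG_TEXT -> prints on | off | absent
# "on" means slpd is started again at the next reboot, even if stopped now.
slpd_boot_state() {
    printf '%s\n' "$1" | awk '
        $1 == "slpd" { found = 1; print $2 }
        END { if (!found) print "absent" }'
}

# slp_exposed RULESET_TEXT CHKCONFIG_TEXT -> exit 0 when SLP is reachable now
# or would come back at boot; stopping the daemon alone is not enough.
slp_exposed() {
    fw_state=$(cimslp_state "$1")
    boot_state=$(slpd_boot_state "$2")
    [ "$fw_state" = "enabled" ] || [ "$boot_state" = "on" ]
}

# disable_slp: stop the daemon, close the firewall ruleset, and keep slpd off
# across reboots. Only meaningful on an ESXi shell, and only if nothing on the
# network relies on SLP discovery of this host.
disable_slp() {
    /etc/init.d/slpd stop &&
    esxcli network firewall ruleset set -r CIMSLP -e 0 &&
    chkconfig slpd off
}

# Gather live state on ESXi; fall back to the constructed samples elsewhere.
if command -v esxcli >/dev/null 2>&1; then
    ruleset_out=$(esxcli network firewall ruleset list)
    chk_out=$(chkconfig --list)
else
    ruleset_out=$SAMPLE_RULESET
    chk_out=$SAMPLE_CHKCONFIG
fi

if slp_exposed "$ruleset_out" "$chk_out"; then
    echo "SLP exposed: firewall CIMSLP=$(cimslp_state "$ruleset_out"), slpd at boot=$(slpd_boot_state "$chk_out")"
    if [ "${1:-}" = "--fix" ] && command -v esxcli >/dev/null 2>&1; then
        disable_slp && echo "SLP disabled and marked off at boot"
    fi
else
    echo "SLP not exposed: firewall CIMSLP=$(cimslp_state "$ruleset_out"), slpd at boot=$(slpd_boot_state "$chk_out")"
fi
```

Run it over SSH on the ESXi shell without arguments to get a read-only verdict; add `--fix` to apply the change. The check deliberately treats "stopped now but on at boot" as still exposed, because a stopped daemon that chkconfig restarts after the next maintenance reboot reopens port 427 silently. Disabling SLP is a workaround, not a substitute for the patches for CVE-2019-5544 and CVE-2020-3992.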
