Posted on Thursday September 08, 2016
Sometimes technology solutions seem safer merely because they're not widespread enough to be a lucrative target. Although increasingly popular, virtualization's resilient protection protocols and low adoption rates tend to offset the cost vs. benefit considerations of creating an exploit. Or at least, that was the case. Late last month VMware announced an update to patch a gap that allowed attackers to compromise virtualized cloud infrastructures. We've compiled everything you need to know to protect yourself here.
Since its first software release in 2001, VMware has remained the leading provider of virtualization platforms, with most sources estimating double-digit leads in market share over the nearest competitor. By creating virtual environments stored on a network server or in a cloud environment, the company has given their clients the ability to create workstations, software, and even networks that can be utilized remotely. Fast forward to today, and VMware is working overtime to maintain its reputation by preempting software security vulnerabilities.
Obviously, when delivering any kind of specialized privileges over a network, adequate protection is of the utmost concern. In this case, two services for managing mobile clouds (vIDM and vRealize) were found to be vulnerable to exploits wherein users with minimal rights could cheat their way into full administrative privileges.
The security team at VMware elaborated that when executed in just one of the two services, this flaw would not be considered critical. However, when combined, it could pose an imminent threat to the security of your cloud infrastructure. To amend this oversight, ask your managed services provider or IT staff to update vIDM and vRealize to their most recent versions (2.7 and 7.1, respectively) as soon as possible. If this can't be achieved in a realistic time frame, blocking port 40002 would act as a temporary workaround.
Sufficient security requires by-the-minute responses to the latest breaches and exploits. By partnering with us, you'll never need to worry about checking in regarding patches or breaches you read about in the news. Instead, you'll be hearing about them from us when we come around to install the updates. Choose the safe option -- contact us today with any of your virtualization needs or questions.