BSI warns of vulnerability in VMware ESXi
March 3, 2023
Data Protection, IT Security, Vulnerability
A new wave of ransomware attacks is threatening numerous servers in Europe. The attacks focus on the hypervisors in VMware's virtualisation server ESXi. Patches are available, and Greenbone's products can protect and help find the vulnerability.
The BSI explicitly warns of the vulnerability and, in its current information on the security situation, speaks of thousands of servers and a worldwide threat with a focus on Europe, the USA and Canada. The attacks exploit a vulnerability that the manufacturer already patched almost two years ago: CVE-2021-21974.
Not only VMware servers themselves are at risk
According to IT security portal Hackernews, French provider OVHcloud has confirmed the open source implementation of the IETF Service Location Protocol (OpenSLP) as the entry point. The threat situation for IT systems is classified as business-critical - a successful ransomware attack can therefore also cause massive impairments to regular operations in this case. What is particularly serious about attacks of this type is that, under certain circumstances, not only institutions that use VMware ESXi themselves are affected, but also third parties - for example via the server systems hosted in VMware virtualisation.
France, Italy, Finland, Canada and the USA
The suspicion that European organisations and institutions were the main focus of the attackers in the latest wave of attacks was also confirmed a few days later when the Italian National Cybersecurity Agency ACN warned of the vulnerabilities and a "large-scale wave of attacks". A Reuters report also speaks of attacks in Finland and the USA.
However, users can protect themselves: the manufacturer VMware advises upgrading to the latest version of its software and installing the patch. In general, systems like Greenbone Vulnerability Management help to prevent such intrusions by finding the unpatched gaps and proactively warning administrators in reports.
Checking with the Greenbone Cloud
The installation of the VMware patch is free of charge, as is a check of your systems with the Greenbone Cloud Service Trial. In general, administrators should always ensure that all backups are secured against ransomware and check log files for suspicious system access - the checklist in the BSI's warning lists six questions that every administrator should ask themselves now.