ait-admin: Feb 1, 2023 12:59:35 PM
VMware has released updates for a group of four vulnerabilities in its vRealize Log Insight logging platform, three of which can be combined to achieve remote code execution with root privileges. Researchers have developed a working exploit for the bug chain and are urging enterprises to install the patches as soon as possible. Now known as VMware Aria Operations for Logs, vRealize Log Insight makes it easier for VMware admins to analyse and manage terabytes of infrastructure and application logs.
The four critical vulnerabilities in vRealize Log Insight include a directory traversal flaw, an information disclosure bug, a broken access control bug, and a denial-of-service flaw. VMware released updates to address the bugs on Jan. 24, but now researchers at Horizon3 have developed a working exploit for the bugs and are planning to release a detailed technical analysis of the weaknesses and exploit soon.
VMware has advised that the vulnerabilities were addressed with VMware vRealize Log Insight 8.10.2.
Please read the full VMware Security Advisory here.
Workaround Available
Workarounds for CVE-2022-31710 can be found in the 'Workaround' column of the 'Response Matrix' in this VMware advisory.
The company also shared a temporary fix for admins who cannot immediately deploy today's security updates in their environments.