In a vulnerability attack on flagship products reported yesterday, there seems to be a new development where threat actors have found a leeway to access VMware servers that admins are yet to patch.

  • Hackers are scanning for servers yet to be patched.The security flaw could facilitate more unauthenticated attacks.Researchers are yet to discover an exploit code that could capitalize on the bug.

RCE attacks

If exploited, the security flaw named CVE-2021-22005 has the potential to facilitate unauthenticated, remote code execution attacks without user interaction.

In an era where attackers are continuously evolving and employing new methods, it is strongly recommended that patching is done as soon as possible as they could be lurking anywhere from your network to your user account.

Just a matter of time

The threat actors must have been very active as the threat was scanned by malicious users looking for the unpatched servers within a matter of time.

This is not the first time attackers have taken advantage of an admin who took too long to patch their vCenter servers and swooped in to attack immediately after a vulnerability was reported. You can also bet that this will not be the last time either.

In this year, there have been two similar incidents. Admins can relax a bit as with CVE-2021=22005, there is no exploit code yet that the attackers could use to capitalize on the bug. This does not mean that they should take the matter less seriously.

Any admin who is yet to patch their system should do so promptly as we wait for a solution to address the bug.

Have you been in a position where you were too late to do something, and it led to exposing your system to vulnerabilities? Share your incident in the comment section below.

If the advices above haven’t solved your issue, your PC may experience deeper Windows problems. We recommend downloading this PC Repair tool (rated Great on TrustPilot.com) to easily address them. After installation, simply click the Start Scan button and then press on Repair All.

Still having issues? Fix them with this tool:

SPONSORED

Email *

Commenting as . Not you?

Comment