Recently, an online article about VMware vSphere being attacked by ransomware has attracted the attention of security personnel. The article describes how, after the attack, a large number of virtual machines were shut down and could not be connected to, leading to serious problems such as the shutdown of the user's production environment.
According to the researchers' analysis, this attack is related to the RansomExx ransomware. The attack renamed some of the virtual machine disk files (.vmdk) and virtual machine description files (.vmx) in VMware vSphere; when a .vmx file was opened manually, it was found to be encrypted. In addition, the VMware vm-support log collection package contained a note file generated by the ransomware. The attacker exploited two remote code execution vulnerabilities (CVE-2019-5544 and CVE-2020-3992) in VMware ESXi.
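The symptoms described above (renamed .vmdk/.vmx files, and .vmx files that no longer open as text) can be checked across a copy of a datastore with a short triage script. This is an added example, not code from the original article or from VMware; the function names, the constructed sample files and the "extra suffix" heuristic are assumptions, since the article does not say how the files were renamed.

```python
import re
import tempfile
from pathlib import Path

# A healthy .vmx is a small text file of `key = "value"` lines.
VMX_LINE = re.compile(r'^\s*(#.*|[\w.:\-]+\s*=\s*".*")?\s*$')
# Heuristic (assumption): any extra suffix after .vmx/.vmdk is suspicious;
# .lck lock files are normal and ignored.
RENAMED = re.compile(r'\.(vmx|vmdk)\.(?!lck$)[^.]+$', re.IGNORECASE)

def vmx_is_readable(data: bytes) -> bool:
    """True if the bytes parse as a plain-text VMX configuration."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    lines = text.splitlines()
    return (bool(lines)
            and all(VMX_LINE.match(line) for line in lines)
            and any(line.lstrip().startswith("config.version") for line in lines))

def triage(datastore: Path) -> dict:
    """Walk a datastore copy and collect files that need a closer look."""
    findings = {"unreadable_vmx": [], "renamed": []}
    for path in sorted(datastore.rglob("*")):
        if not path.is_file():
            continue
        if RENAMED.search(path.name):
            findings["renamed"].append(path.name)
        elif path.suffix.lower() == ".vmx" and not vmx_is_readable(path.read_bytes()):
            findings["unreadable_vmx"].append(path.name)
    return findings

def demo() -> dict:
    """Build a constructed sample datastore (not real data) and triage it."""
    good = b'.encoding = "UTF-8"\nconfig.version = "8"\ndisplayName = "web01"\n'
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "web01").mkdir()
        (root / "db01").mkdir()
        (root / "web01" / "web01.vmx").write_bytes(good)
        (root / "web01" / "web01.vmdk").write_bytes(b"# Disk DescriptorFile\n")
        (root / "db01" / "db01.vmx").write_bytes(bytes(range(256)) * 4)  # binary junk
        (root / "db01" / "db01.vmdk.locked-example").write_bytes(b"\x00" * 16)
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

Run it against a read-only copy or snapshot of the datastore so that the evidence on the affected host is not modified.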
Versions affected by CVE-2019-5544:
ESXi 6.7
ESXi 6.5
ESXi 6.0
Versions affected by CVE-2020-3992:
ESXi 7.0
ESXi 6.7
ESXi 6.5
VMware Cloud Foundation (ESXi) 4.x
VMware Cloud Foundation (ESXi) 3.x
VMware Solutions
For the CVE-2019-5544 vulnerability, upgrade ESXi to the corresponding patch release:
ESXi 6.7 Patch Release ESXi670-201912001
https://my.v
https://docs
ESXi 6.5 Patch Release ESXi650-201912001
https://my.v
https://docs
ESXi 6.0 Patch Release ESXi600-201912001
https://my.v
https://docs.vmware.com/en/VMware-vSphere/6.0/rn/esxi600-201912001.html
Please back up your data and refer to the VMware advisory or consult VMware before fixing the vulnerability. VMware advisory link:
https://www.vmware.com/security/advisories/VMSA-2019-0022.html
For the CVE-2020-3992 vulnerability, upgrade ESXi to the corresponding fixed version:
Affected version | Fixed version |
ESXi 7.0 | ESXi70U1a-17119627 |
ESXi 6.7 | ESXi670-202011301-SG |
ESXi 6.5 | ESXi650-202011401-SG |
VMware Cloud Foundation (ESXi) 4.x | 4.1.0.1 |
VMware Cloud Foundation (ESXi) 3.x | 3.10.1.2 |
Reference links:
https://www.vmware.com/security/advisories/VMSA-2019-0022.html
https://www.