Remediation: There are no feasible workarounds for these vulnerabilities except for deploying the released patches. VMware ESXi customers can install VMware ESXi 8.0 Update 3d, VMware ESXi 8.0 Update 2d, or VMware ESXi 7.0 Update 3s, depending on their edition. ESX 6.5 and 6.7 have also released patches, but these are available only to customers with extended support contracts.”Broadcom recommends the use of vMotion to relocate virtual machines to alternate hosts while you update, in a ‘rolling reboot’ fashion,” the company said in an FAQ document. “Virtual machines that do not use vMotion will need to be powered down during the host restart.”Companies running VMware vSphere (7.x and 8.x), VMware Cloud Foundation (4.5.x and 5.x), VMware Telco Cloud Platform (2.x through 5.x), and VMware Telco Cloud Infrastructure (2.x and 3.x) should deploy the ESXi patches that correspond to the edition included in their products. Broadcom has provided individual support documents with instructions for these products in its advisory.VMware Workstation 17.x users should upgrade to 17.6.3 and VMware Fusion 13.x users should upgrade to version 13.6.3.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3837874/vmware-esxi-gets-critical-patches-for-in-the-wild-virtual-machine-escape-attack.html
