Last month attackers quickly reverse-engineered VMware patches to launch RCE attacks. CISA warns it's going to happen again.
The Cybersecurity and Infrastructure Agency (CISA) has issued an emergency directive requiring federal civilian executive branch agencies to update their VMware products impacted by a pair of new vulnerabilities or remove them from their networks.
The VMware bugs – CVE-2022-22972 and CVE-2022-22973 – expose several VMware products to remote code-execution (RCE) attacks.
CISA said that last month, within just 48 hours of VMware patching its VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager, advanced persistent threat (APT) actors were able to reverse-engineer the updates to launch attacks.
"These vulnerabilities pose an unacceptable risk to federal network security," CISA director said Jen Easterly in a statement. "CISA has issued this emergency directive to ensure that federal civilian agencies take urgent action to protect their networks. We also strongly urge every organization – large and small – to follow the federal government's lead and take similar steps to safeguard their networks."
About the Author(s)
You May Also Like
Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024