{"id":27095,"date":"2022-10-23T07:00:54","date_gmt":"2022-10-23T05:00:54","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=27095"},"modified":"2022-10-23T07:00:54","modified_gmt":"2022-10-23T05:00:54","slug":"vmware-schwachstelle-cve-2022-22954-durch-ransomware-bedroht-support-ende-fr-esxi-6-5-6-7","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2022\/10\/23\/vmware-schwachstelle-cve-2022-22954-durch-ransomware-bedroht-support-ende-fr-esxi-6-5-6-7\/","title":{"rendered":"VMware vulnerability CVE-2022-22954 threatened by ransomware, end of support for ESXi 6.5 &amp; 6.7"},"content":{"rendered":"<p><img decoding=\"async\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" width=\"200\" align=\"left\">[<a href=\"https:\/\/www.borncity.com\/blog\/2022\/10\/23\/vmware-schwachstelle-cve-2022-22954-durch-ransomware-bedroht-support-ende-fr-esxi-6-5-6-7\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Various VMware products contain the critical vulnerability CVE-2022-22954 , for which a security update was provided back in April 2022. I had addressed the vulnerability in the blog post Warning: critical vulnerabilities in VMware products (April 6, 2022). <\/p>\n<p><!--more--><\/p>\n<h2>Critical vulnerability CVE-2022-22954<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg07.met.vgwort.de\/na\/9db4fadd853c42209209be641abfc7f3\" width=\"1\" height=\"1\">Various VMware products contain the critical vulnerability CVE-2022-22954 , for which a security update was already provided in April 2022. I had addressed the vulnerability in the German blog post <a href=\"https:\/\/www.borncity.com\/blog\/2022\/04\/07\/warnung-kritische-schwachstellen-in-vmware-produkten-6-april-2022\/\" target=\"_blank\" rel=\"noopener\">Warnung: Kritische Schwachstellen in VMware-Produkten (6. April 2022)<\/a> that this vulnerability was the focus of hackers installing a backdoor on unpatched VMware products. In a recent article<a title=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-exploit-critical-vmware-flaw-to-drop-ransomware-miners\/\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-exploit-critical-vmware-flaw-to-drop-ransomware-miners\/\" target=\"_blank\" rel=\"noopener\">Hackers exploit critical VMware flaw to drop ransomware, miners<\/a> colleagues at Bleeping Computer warn against attacking the vulnerability.<\/p>\n<p>Security researchers have observed new malicious campaigns that exploit the critical CVE-2022-22954 vulnerability in VMware Workspace One Access to spread various malware. Among them is the injection of the RAR1Ransom tool, which locks files in password-protected archives. <\/p>\n<p>Fortinet security researchers discovered campaigns in which threat actors used the Mira botnet for distributed denial-of-service (DDoS) attacks, the GuardMiner cryptocurrency miner and the RAR1Ransom tool.<\/p>\n<h2>End of support for ESXi 6.5 &amp; 6.7 servers<\/h2>\n<p>VMware's ESXi 6.5 &amp; 6.7 Server products have reached the end of support, for example, as Lansweeper writes in the following <a href=\"https:\/\/twitter.com\/marshalgraham\/status\/1581995270568837120\" target=\"_blank\" rel=\"noopener\">tweet<\/a> and in <a href=\"https:\/\/www.lansweeper.com\/eol\/vmware-esxi-end-of-life\/\" target=\"_blank\" rel=\"noopener\">this article<\/a>. It says that ESXi 6.5 and 6.7 will be out of general support on October 15, 2022. <\/p>\n<p><a href=\"https:\/\/twitter.com\/marshalgraham\/status\/1581995270568837120\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" title=\"EOL for ESXi 6.5 &amp; 6.7 Server\" alt=\"EOL for ESXi 6.5 &amp; 6.7 Server\" src=\"https:\/\/i.imgur.com\/4YB8osv.png\"><\/a><\/p>\n<p>The Technical Guidance phase will run until November 15, 2023. However, VMware is offering 2 years of extended support for ESXi 6.5 and 6.7, which means you will be eligible for support until October 15, 2024. To receive continuous support, you must purchase extended support before the end of general support. This extended support does not include updates to third-party software packages. There will be no architectural improvements, performance enhancements, or feature enhancements. Security patches are limited to one roll-up per year.<\/p>\n<p>Bleeping Computer writes <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/over-45-000-vmware-esxi-servers-just-reached-end-of-life\/?utm_content=224872099&amp;utm_medium=social&amp;utm_source=twitter&amp;hss_channel=tw-1234855053317541891\" target=\"_blank\" rel=\"noopener\">here<\/a>, that more than 45,000 VMware ESXi servers are affected by this end-of-life (EOL) and will now no longer receive software and security updates without extended support.<\/p>\n<p><a href=\"https:\/\/twitter.com\/xcpng\/status\/1582745411772899330\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" title=\"Migrate to XCP-ng\/Xen Orchestra\" alt=\"Migrate to XCP-ng\/Xen Orchestra\" src=\"https:\/\/i.imgur.com\/95OqCBU.png\"><\/a><\/p>\n<p>The t<a href=\"https:\/\/twitter.com\/xcpng\/status\/1582745411772899330\" target=\"_blank\" rel=\"noopener\">weet<\/a> above from xcp-ng.org use the end of support to promotes a switch to XCP-ng as a virtualization solution. In <a href=\"https:\/\/xcp-ng.org\/blog\/2022\/10\/19\/migrate-from-vmware-to-xcp-ng\/\" target=\"_blank\" rel=\"noopener\">this article<\/a> possible reasons for the switch include the new VMware licensing model and the recent acquisition by Broadcom are mentioned.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Various VMware products contain the critical vulnerability CVE-2022-22954 , for which a security update was provided back in April 2022. I had addressed the vulnerability in the blog post Warning: critical vulnerabilities in VMware products (April 6, 2022).<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547,1218],"tags":[69,1710],"class_list":["post-27095","post","type-post","status-publish","format-standard","hentry","category-security","category-software","category-virtualization","tag-security","tag-vmware"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/27095","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=27095"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/27095\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=27095"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=27095"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=27095"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}