Hypervisor Hacked: The VMware Admin Loophole Exposed
Hackers are exploiting a vulnerability in VMware's ESXi hypervisor (CVE-2024-37085) that allows them to gain full administrative control by simply creating a domain group named "ESX Admins."
Dan Goodin writes for Ars Technica:
Full administrative control of the hypervisor gives attackers various capabilities, including encrypting the file system and taking down the servers they host. The hypervisor control can also allow attackers to access hosted virtual machines to either exfiltrate data or expand their foothold inside a network. Microsoft discovered the vulnerability under exploit in the normal course of investigating the attacks and reported it to VMware. VMware parent company Broadcom patched the vulnerability on Thursday.
Microsoft, which discovered and reported the vulnerability, advises administrators to apply VMware's patch immediately to mitigate the ongoing attacks.
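Because the attack hinges on a domain group with a specific name, the group-lifecycle events a domain controller already logs are a natural detection point. The script below is an added illustration, not code from Ars Technica, Microsoft or VMware: it scans flattened Windows Security events for the creation (4727/4731/4754), renaming (4781) or population (4728) of a group named "ESX Admins". The log lines, the `EventID=...; Field=value` layout and the account names are constructed for the example and do not follow any particular SIEM's export format; the group-name match is made case-insensitive as a conservative assumption.

```python
"""Flag Windows Security events that create, rename or populate a domain group
named "ESX Admins", the group name that CVE-2024-37085 keys on.

Added example. The event lines and their key=value layout are constructed for
illustration; real exports (evtx, Sysmon, SIEM JSON) need their own parser.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Group name ESXi grants admin rights to. If an environment has changed the
# ESXi advanced setting Config.HostAgent.plugins.hostsvc.esxAdminsGroup,
# point this at the configured name instead.
TARGET_GROUP = "esx admins"

# Windows Security event IDs that change a group's existence or membership.
GROUP_EVENTS = {
    4727: "security-enabled global group created",
    4731: "security-enabled local group created",
    4754: "security-enabled universal group created",
    4781: "account (group) renamed",
    4728: "member added to security-enabled global group",
}


@dataclass
class Finding:
    event_id: int
    reason: str
    group: str
    actor: str


# key=value pairs separated by ';'. The value may itself contain '=' (e.g. a
# distinguished name), so it runs up to the next ';' rather than the next '='.
_KV = re.compile(r"(\w+)=([^;]*)")


def parse_event(line: str) -> Dict[str, str]:
    """Parse 'EventID=4727; SubjectUserName=...; GroupName=...' into a dict."""
    fields = {k: v.strip() for k, v in _KV.findall(line)}
    fields["EventID"] = int(fields.get("EventID", "0"))
    return fields


def check_event(fields: Dict[str, str]) -> Optional[Finding]:
    """Return a Finding if the event touches the target group, else None."""
    eid = fields["EventID"]
    if eid not in GROUP_EVENTS:
        return None
    # For a rename (4781) the name that matters is the new one; for the other
    # events it is the group the operation was performed on.
    name = fields.get("NewTargetUserName") if eid == 4781 else fields.get("GroupName")
    if name and name.lower() == TARGET_GROUP:
        return Finding(eid, GROUP_EVENTS[eid], name, fields.get("SubjectUserName", "?"))
    return None


def scan(lines: Iterable[str]) -> List[Finding]:
    """Run check_event over every non-empty line and collect the hits."""
    return [f for f in (check_event(parse_event(l)) for l in lines if l.strip()) if f]


# Constructed sample: one benign group creation, one unrelated logon, and three
# events that all point at the "ESX Admins" name (create, rename-to, add member).
SAMPLE_LOG = """\
EventID=4727; SubjectUserName=jdoe; GroupName=Finance-RO
EventID=4727; SubjectUserName=svc_backup; GroupName=ESX Admins
EventID=4781; SubjectUserName=svc_backup; OldTargetUserName=Helpdesk; NewTargetUserName=esx admins
EventID=4728; SubjectUserName=svc_backup; MemberName=CN=newuser,OU=Users,DC=example,DC=local; GroupName=ESX Admins
EventID=4624; SubjectUserName=jdoe; LogonType=3
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        print(f"[{f.event_id}] {f.reason}: group={f.group!r} by {f.actor}")
```

The rename case matters as much as the create case: an existing, innocuous-looking group can be renamed to "ESX Admins", so a rule that only watches 4727 misses it. In a real deployment the parser would be swapped for the SIEM's native field names and the `SubjectUserName` of each hit correlated with who is expected to manage vSphere-related groups.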