VMware Critical Security Advisory VMSA-2021-0020 Issued
VMware has issued a security advisory, VMSA-2021-0020. The product impacted with this advisory is vCenter Server 6.5, 6.7 and 7.0. Anyone running a vSphere environment knows how critical vCenter server is to the proper functioning of the virtual environment, so this is an important update to consider applying as soon as possible.
According to Bob Plankers on the VMware vSphere blog
VMware has released patches that address a new critical security advisory, VMSA-2021-0020. This needs your immediate attention if you are using vCenter Server (if you didn’t get an email about it, please subscribe to our Security Advisories mailing list). In most cases a security advisory is straightforward, but sometimes there are nuances that are worth extra discussion. That is the case here, and the goal of this post is to help you decide your course forward.
This advisory covers many Common Vulnerabilities and Exposures (CVE). VMware has confirmed reports that CVE-2021-22005 is being exploited in the wild. This should provide you and your security team some urgency around how quickly you need to apply this update. VMware is considering this an ’emergency change’, and you will want to coordinate this with your change management, security, and applications teams.
VMware is offering a patch or workaround method (until you can patch) but in my experience I always go with the patch. I have found other IT admins when working with a workaround will leave it in and forget to come back to remove or update it and when it comes time for a system upgrade, well, things can do sideways.
Always take the steps to inform your management team that a vulnerability exists, and you have a plan to address it. Include your security team so they are informed and can take additional steps to monitor and observe any unusual behavior on the network.
Have you already applied the patch? How do you typically handle these types of security advisories? Please let me know on Twitter, and thanks for reading.