Unfortunately, I find some administrators treat their hypervisors like they do their routers. Since hypervisors often support production servers, administrators don’t like messing with them by updating them regularly. You know the old adage… “If it ain’t broke, don’t fix it.” That said, I’d argue that if your critical production server suffers from security flaws, then it’s surely broken.
With that in mind, VMware administrators running ESXi, vCenter or vSphere need to update soon. Recently, VMware released a security advisory warning of a handful of vulnerabilities in these popular hypervisor products. The flaws span from Denial of Service (DoS) issues, to elevation of privilege vulnerabilities. While I wouldn’t classify any of the problems as overly critical, I still think it’s worth updating your hypervisor as soon as you can. You can find more information about these flaws, and where to find patches, in VMware’s advisory. — Corey Nachreiner, CISSP (@SecAdept)