VMware ESXi hypervisor vulnerability gives full administrative privileges

Security researchers at Microsoft have discovered a vulnerability in VMware ESXi hypervisors that has been exploited by ransomware operators to gain full administrative access to the domain-joined hypervisor.

The issue, identified as CVE-2024-37085, granted full administrative privileges to domain group members without proper authentication. Several ransomware groups, such as Storm-0506, Storm-1175, Octo Tempest, and Manatee Tempest, have used it to deploy ransomware after gaining access to the network.

“While there are worse things that can happen in the weeks leading up to your client’s event with our partners, a vulnerability announcement based on an exploit that was seen in the wild, that’s where it’s at,” commented John Annand, research practice leadership at the Info-Tech Research Group. “Therefore, Broadcom, and Microsoft for that matter, are still forced to spend more time and effort on verification instead of customer incentives.”

