VMware has started releasing patches and workarounds for the Virtual Appliance products affected by the recently disclosed CPU vulnerabilities known as Meltdown and Spectre.
According to an advisory published on Thursday, Meltdown and Spectre impact several VMware Virtual Appliances, including vCloud Usage Meter (UM), Identity Manager (vIDM), vCenter Server (vCSA), vSphere Data Protection (VDP), vSphere Integrated Containers (VIC) and vRealize Automation (vRA).
VMware has so far released a patch only for its VIC product, and workarounds have been made available for UM, vIDM, vCSA, and vRA. vCSA 5.5 is not affected, and neither patches nor workarounds have been released for VDP.
VMware has released separate advisories describing the specific workarounds for each product. The company advised users not to apply workarounds to other products than the one they are intended for, and pointed out that the workarounds are only meant to be a temporary solution until permanent fixes become available.
The Meltdown and Spectre attacks allow malicious applications to bypass memory isolation mechanisms and access potentially sensitive data. Billions of devices using Intel, AMD, ARM, Qualcomm and IBM processors are affected.
Intel started releasing microcode updates for its processors shortly after the flaws were disclosed, but the company decided to halt updates due to frequent reboots and unpredictable system behavior.
Following Intel’s announcement, VMware informed customers that it had decided to delay new releases of microcode updates for its ESXi hypervisor until the chipmaker addresses problems.
Intel announced this week that it has identified the root of an issue that caused systems to reboot more frequently and started releasing a new round of patches.
Intel and AMD told customers that their future products will include built-in protections for exploits such as Specter and Meltdown.
Related: VMware Patches Vulnerabilities in vCenter Server
Related: Code Execution Flaws Patched in Several VMware Products
Related: Serious Flaws Affect Dell EMC, VMware Data Protection Products
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- FDA Announces New Cybersecurity Requirements for Medical Devices
- Mandiant Investigating 3CX Hack as Evidence Shows Attackers Had Access for Months
- Unpatched Security Flaws Expose Water Pump Controllers to Remote Hacker Attacks
- 3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component
- OpenSSL 1.1.1 Nears End of Life: Security Updates Only Until September 2023
- Google Links More iOS, Android Zero-Day Exploits to Spyware Vendors
- ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation
- Thousands Access Fake DDoS-for-Hire Websites Set Up by UK Police
Latest News
- Italy Temporarily Blocks ChatGPT Over Privacy Concerns
- FDA Announces New Cybersecurity Requirements for Medical Devices
- Report: Chinese State-Sponsored Hacking Group Highly Active
- Votiro Raises $11.5 Million to Prevent File-Borne Threats
- Lumen Technologies Hit by Two Cyberattacks
- Leaked Documents Detail Russia’s Cyberwarfare Tools, Including for OT Attacks
- Mandiant Investigating 3CX Hack as Evidence Shows Attackers Had Access for Months
- Severe Azure Vulnerability Led to Unauthenticated Remote Code Execution
