Vulnerability Management

VMware reissues patch to fix RCE vulnerability in vCenter Server

A patch released in October by VMware failed to completely fix a remote code execution vulnerability (CVE-2015-2342) in vCenter Server that had been rated critical, but corrected the issue by releasing an additional patch Saturday.

After the original patch was issued, “subsequently, it was found that the fix…was incomplete and did not address the issue,” the VMware advisory said. The company gave the nod to Doug McLeod of 7 Elements Ltd. and an anonymous researcher working through the HP Zero Day Initiative for discovering the shortcoming.

The company urged users to patch immediately. “Even if the Windows Firewall is enabled, users are advised to install the additional patch in order to remove the local privilege elevation,” the advisory said.

Related

GAO: Most Biden cybersecurity EO requirements achieved

Forty-nine of 55 requirements under the Biden administration's executive order aimed at bolstering federal IT systems' cybersecurity defenses were noted by the Government Accountability Office to have already been fulfilled by the Cybersecurity and Infrastructure Security Agency, the Office of Management and Budget, and the National Institute of Standards and Technology, reports FedScoop.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.