WASHINGTON—The Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directive 22-03 (ED 22-03), "Mitigate VMware Vulnerabilities," requiring federal civilian executive branch agencies running specific VMware products to apply VMware updates or remove the products from agency networks until the update can be applied.
Although ED 22-03 is only directed to federal agencies, CISA is encouraging public and private sector organizations to review it, along with its cybersecurity advisory, and take steps to mitigate these vulnerabilities before they can be exploited by malicious cyber actors.
According to CISA, the emergency directive is in response to observed or expected active exploitation of a series of vulnerabilities in the following VMware products (collectively, the "impacted VMware products"):
- VMware Workspace ONE Access (Access)
- VMware Identity Manager (vIDM)
- VMware vRealize Automation (vRA)
- VMware Cloud Foundation
- vRealize Suite Lifecycle Manager
CISA said successful exploitation of any one of the four vulnerabilities permits attackers to remotely execute code on a system without authentication and elevate privileges.
Advisory Published
In addition to ED 22-03, CISA has published a cybersecurity advisory, "Threat Actors Chaining VMware Vulnerabilities for Full System Control," with additional details on the exploitation, detection methods, incident response recommendations, and mitigation guidance.
According to CISA, VMware released updates for CVE-2022-22954 and CVE-2022-22960 on April 6, 2022. According to a trusted third party, CISA said, malicious cyber actors were able to reverse engineer the updates to develop an exploit within 48 hours and quickly began exploiting the disclosed vulnerabilities in unpatched devices.
In its response to the warning, CUNA said, “Based on this activity, CISA expects malicious cyber actors to quickly develop a capability to exploit newly released vulnerabilities in the same affected impacted VMware products.”
