July 27, 2024

Microsoft Warns of Critical Vulnerability in VMware ESXi

Microsoft recently issued an urgent warning about a serious vulnerability in VMware ESXi that is being actively exploited by ransomware gangs.
This vulnerability, known as CVE-2024-37085, allows attackers to add a user with full administrative privileges to an ESXi hypervisor.
This could have devastating consequences for organizations using this technology.
In this blog post, we discuss the details of this vulnerability, the ransomware groups involved and how companies can protect themselves.

What is CVE-2024-37085?

CVE-2024-37085 is a critical security flaw in VMware ESXi, a popular hypervisor used to run virtual machines.
The vulnerability allows attackers to remotely add a user with full administrative privileges to the hypervisor.
This allows them to gain full control over the virtual machines and the underlying hardware.

Details of the Vulnerability

  • Name: CVE-2024-37085
  • Impact: full administrative control of the ESXi hypervisor
  • Exploitation status: actively exploited in the wild
  • Threat groups involved: Storm-0506, Black Basta ransomware

Who are the Attackers?

The exploitation of this vulnerability is primarily attributed to Storm-0506, a notorious group responsible for the spread of the Black Basta ransomware.
This group targeted a North American engineering firm, exploiting this vulnerability to carry out their attacks.

Methods of attack by Storm-0506

  • Obtaining Access: Using CVE-2024-37085 to obtain administrative access.
  • Installing ransomware: Deploy Black Basta ransomware to encrypt systems.
  • Consequences: Data theft, system downtime and financial damage from ransom payments.

How Can Companies Protect Themselves?

It is crucial for businesses to take immediate action to protect themselves from this vulnerability.
Here are some steps companies can take:

1. Patching and Updates

  • πŸ› οΈ Install the latest security patches from VMware for ESXi.
  • πŸ”„ Perform regular updates for all software and systems.
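Because patching is the primary mitigation named above, the check a practitioner wants is a fleet-wide inventory of ESXi host builds compared against the fixed builds. The script below is an added example using VMware PowerCLI, not code from the original post or from VMware; the vCenter address and the fixed build numbers are assumptions (the build table holds placeholders that must be replaced with the values from the vendor advisory for each ESXi version you run).

```powershell
# Added example (not part of the original post): inventory ESXi host builds with PowerCLI
# and flag every host whose build is older than the fixed build for its major version.
# The build numbers in $FixedBuilds are PLACEHOLDERS; take the real fixed builds for
# CVE-2024-37085 from the VMware/Broadcom advisory for your ESXi versions.

param(
    [Parameter(Mandatory)] [string]    $VCenter,       # assumed: vCenter FQDN or IP
    [hashtable] $FixedBuilds = @{                       # placeholder build numbers, keyed by major.minor
        '7.0' = 0
        '8.0' = 0
    }
)

Import-Module VMware.PowerCLI -ErrorAction Stop
Connect-VIServer -Server $VCenter | Out-Null

$report = Get-VMHost | ForEach-Object {
    # Version looks like "8.0.3"; key the lookup on the first two components.
    $major = $_.Version -replace '^(\d+\.\d+).*', '$1'
    [int]$build = $_.Build

    $status = if (-not $FixedBuilds.ContainsKey($major)) {
        'UNKNOWN VERSION'                       # no fixed build on record for this release line
    } elseif ($build -ge [int]$FixedBuilds[$major]) {
        'patched'
    } else {
        'NEEDS PATCH'
    }

    [pscustomobject]@{
        Host    = $_.Name
        Version = $_.Version
        Build   = $build
        Status  = $status
    }
}

$report | Sort-Object Status, Host | Format-Table -AutoSize

Disconnect-VIServer -Server $VCenter -Confirm:$false

# Non-zero exit code when any host is unpatched or unrecognised, so the check can run
# from scheduled automation and raise an alert instead of relying on someone reading the table.
if ($report | Where-Object { $_.Status -ne 'patched' }) { exit 1 }
```

Run it as `.\Check-EsxiBuilds.ps1 -VCenter vcenter.example.internal` (a constructed hostname) after filling in the build table; treating "unknown version" as a failure is deliberate, since a release line you have no fixed build recorded for is exactly the one most likely to be missed.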

2. Security checks

  • πŸ•΅οΈ Perform penetration testing to identify vulnerabilities in your network.
  • πŸ”’ Implement strict access controls to prevent unauthorized access.

3. Backups and Recovery Plans

  • 💾 Make regular backups of all critical data.
  • 🔧 Create recovery plans to respond quickly to a ransomware attack.

4. Awareness and Training

  • 📚 Train employees so they are aware of the dangers of ransomware and phishing attacks.
  • 👨‍💻 Run simulation exercises to test team preparedness.

Conclusion

The discovery of CVE-2024-37085 underscores the importance of proactive security measures.
Companies should take immediate action to patch this vulnerability and strengthen their security strategies.
By taking the right measures, organizations can protect themselves from the devastating effects of ransomware attacks.
Stay on top of the latest security updates and make sure your systems are always up-to-date to minimize the risks of such vulnerabilities.