Knowledge base

July 27, 2024

Microsoft Warns of Critical Vulnerability in VMware ESXi

Microsoft recently issued an urgent warning about a serious vulnerability in VMware ESXi that is being actively exploited by ransomware gangs.
This vulnerability, known as CVE-2024-37085, allows attackers to add a user with full administrative privileges to an ESXi hypervisor.
This could have devastating consequences for organizations using this technology.
In this blog post, we discuss the details of this vulnerability, the ransomware groups involved and how companies can protect themselves.

Migration from SharePoint On-Premises to SharePoint Online

What is CVE-2024-37085?

CVE-2024-37085 is a critical security flaw in VMware ESXi, a popular hypervisor used to run virtual machines.
The vulnerability allows attackers to remotely add a user with full administrative privileges to the hypervisor.
This allows them to gain full control over the virtual machines and the underlying hardware.

Details of Vulnerability

  • Name: CVE-2024-37085
  • Impact: full administrative control
  • Exploitations: Actively exploited in the wild
  • Affected Groups: Storm-0506, Black Basta ransomware

Who are the Attackers?

The exploitation of this vulnerability is primarily attributed to Storm-0506, a notorious group responsible for the spread of the Black Basta ransomware.
This group targeted a North American engineering firm, exploiting this vulnerability to carry out their attacks.

Methods of attack by Storm-0506

  • Obtaining Access: Using CVE-2024-37085 to obtain administrative access.
  • Installing ransomware: Deploy Black Basta ransomware to encrypt systems.
  • Consequences: Data theft, system downtime and financial damage from ransom payments.

How Can Companies Protect themselves?

It is crucial for businesses to take immediate action to protect themselves from this vulnerability.
Here are some steps companies can take:

1. Patching and Updates

  • 🛠️ Install the latest security patches from VMware for ESXi.
  • 🔄 Perform regular updates for all software and systems.

2. Security checks

  • 🕵️ Perform penetration testing to identify vulnerabilities in your network.
  • 🔒 Implement strict access controls to prevent unauthorized access.

3. Backups and Recovery Plans.

  • 💾 Make regular backups of all critical data.
  • 🔧 Create recovery plans to respond quickly to a ransomware attack.

4. Awareness and Training

  • 📚 Trainings for employees to make them aware of the dangers of ransomware and phishing attacks.
  • 👨‍💻 Simulation exercises to test team preparedness.

Conclusion

The discovery of CVE-2024-37085 underscores the importance of proactive security measures.
Companies should take immediate action to patch this vulnerability and strengthen their security strategies.
By taking the right measures, organizations can protect themselves from the devastating effects of ransomware attacks.
Stay on top of the latest security updates and make sure your systems are always up-to-date to minimize the risks of such vulnerabilities.

Want to know more?

Get in touch
VMware ESXi

Related blogs

Microsoft 365 Copilot
September 18, 2024

New Copilot AI features make Microsoft Office apps even more convenient

Read more
Microsoft’s Copilot Pages
September 17, 2024

Copilot Pages: AI-driven Collaboration in Microsoft 365

Read more
Google Workspace en Microsoft 365
September 16, 2024

Google Workspace vs. Microsoft 365: Which one fits your organization best?

Read more
Google Workspace vereist OAuth
September 15, 2024

Deadline approaches: Google Workspace requires OAuth by Sept. 30

Read more
Microsoft Purview Audit in action
September 14, 2024

Microsoft Purview Audit: Detecting Bad Behavior in Microsoft 365

Read more

Tech Updates: Microsoft 365, Azure, Cybersecurity & AI – Wekelijks in je Mailbox.