Working with many systems or maintaining them is very costly and time–consuming in a corporate business technology need. To cope up with this demand, one can be said as an excellent development for this matter is the use of VMWare.
With this software, a single administrator can maintain and update many different systems with the ease of Single-Sign-On credentials. They will have visibility for their current status and perform various tasks to cope with the demand of the business when it comes to the technology aspect.
As more companies adapt to the use of the VMWare application, the company discloses a new threat to the latest version of the said application. The bug was named – CVE-2020-3952, which opens the door to the program for any possible hacking attack. This bug was given a weighted severity of Rated 10. Due to the reason that once it is exposed to the fraudster, they can gain access to the vast sensitive information of the company, including its system infrastructure. It will not only give risk to paralyze the whole operation of the business. Still, it will also lead to financial losses or worst business closure.
The detected issue is in the VMware’s Directory Service (vmdir). This service is one of the main cores of the application that used for certificate management of the workloads governed by vCenter as part of their access centralization. The vulnerability is known as the severest of all the history for the VMware software. Once this directory service becomes infected by the bug, it will have a deficiency regarding execution for access control. The issue of access control will open the system to many malicious actors. It will enable them to bypass the authentication protocol and gain access to the whole system.
Unfortunately, no workaround can be done to address the issue of infection. In response to a need for a Brand Protection plan, VMWare released a vCenter Server 6.7 patch in which the Administrator needs to perform together with the instruction to clean install the new version of the application. The guidelines also include the fraud detection steps to know if the bug has infected their system.
The bug’s early detection and prompt patch resolution shows as one of the best practices. That many businesses alike need in this time of high demand – for efficient ease of the use of the technology.