VMware Security Advisory

VMware ESXi and Horizon DaaS Security Updates – VMSA-2019-0022

VMware has released a new security advisory VMSA-2019-0022 (VMware ESXi and Horizon DaaS updates address OpenSLP remote code execution vulnerability). Patches and workarounds are available to address this vulnerability in affected VMware products.

This advisory documents the remediation of one issue, rated with a severity of critical. VMware ESXi and Horizon DaaS use an OpenSLP version which has a heap overwrite issue. Successful exploitation of this issue may allow attackers with network access to port 427 on an ESXI host or on any Horizon DaaS management appliance to overwrite the heap of the OpenSLP service resulting in remote code execution.

The identifier CVE-2019-5544 was assigned to this vulnerability.

Read More
VMUG Romania

VMUG Romania 2019 Review

As one of the leaders of VMUG Romania, I thought it’s a good idea to have a sort of year review coming from the VMUG leaders, so here it it. For Romanian version, you can click here.

We are delighted that we managed to keep pace with 3 annual meetings and the fact that we managed to engage with more speakers from abroad: Joe Baguley (vice president and CTO EMEA VMware), Aylin Sali (CTO and founder of Runecast), Maciej Lelusz (CEO Inleo), Jacint Juhasz (VMware, ex-Alef / Netapp), Cormac Hogan (chief technologist VMware) and Todor Tsankov (Site Reliability Engineer at VMware). At the same time, we had a record number of participants in our activities, which honors us and for which we thank you!

February 12, 2019 – Spring VMUG

The first action of the year 2019 was the meeting on February 12 held at the Journey Pub in Bucharest. The sponsors of the event were DellEMC and Bitdefender. From the sponsors we had presentations covering hyper-converged solutions (The Power of Hyper-Converged – Cristian Stan, Dell EMC) and multi-cloud operations (Security automation, performance, and response across multiple VMware clouds – Gabriel Mazarache, Bitdefender). Cristian Radu, VMware, presented us a deep-dive session on NSX-V.

From the community side, the year was started in force, with 4 sessions: a new session from Victor Homocea dedicated to vSAN, a presentation on the management operations of vRealize Operations – Bogdan Mitu, Adobe, a scenario of ESXi servers migration presented by Corneliu Lefter, Neverfail, and finally a practical session of DCLI usage held by our colleague Mihai Huica, Orange. The event ended with a tasting of craft beer.

Read More
VMware vForum Romania 2019

VMware vForum Romania 2019

Wednesday 27 November 2019, Athenee Palace Hilton Hotel from Bucharest will host the biggest yearly VMware event from Romania, vForum Romania 2019.

The event will start with few global sessions:

  • Quo Vadis VMware, Colin Bannister, vice-president EMEA VMware
  • A story about yesterday & tomorrow – a glimpse on how technology will change the world, Valentina Frangu, Dell Technologies Romania
  • Build a secure and scalable Hybrid Cloud with HPE Synergy and VMware Cloud Foundation, Alexandru Vilcu, HPE Romania
  • Accelerating your cloud migration with VMware Cloud on AWS, Dragos Madarasan, AWS

Even better than last year, after the general sessions we will split in no less than tree tracks: Any Cloud, Any Application, Any Device; Software Defined Datacenter; and Hybrid Cloud.

Read More
VMware Security Advisory

VMware ESXi, Workstation, and Fusion Security Updates – VMSA-2019-0019

VMware has released a new security advisory VMSA-2019-0019 (VMware ESXi, Workstation, and Fusion updates address a denial-of-service vulnerability).

This advisory documents the remediation of one issue, rated with a severity of moderate. VMware ESXi, Workstation and Fusion contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VMs.

Exploitation of this issue require an attacker to have access to a virtual machine with 3D graphics enabled. By default, this functionality is not enabled on ESXi and is enabled on Workstation and Fusion.

The identifier CVE-2019-5536 was assigned to this vulnerability.

Affected products and resolutions:

  • ESXi 6.7 – apply patch ESXi670-201908101-SG
  • ESXi 6.5 – apply patch ESXi650-201910401-SG
  • Workstation 15.x – update to 15.5.0
  • Fusion 11.x – update to 11.5.0

The workaround for this issue involves disabling the 3D-acceleration feature.

Disable 3D-acceleration on ESXi

  • With Host Client or vCenter, go to the individual VM > Edit Settings > Virtual hardware > Video card.
  • If the “3D Graphics” is checked then 3D-acceleration feature is enabled.

Disable 3D-acceleration on Workstation

  • Select virtual machine and select VM > Settings.
  • On the Hardware tab, select Display.
  • If the “Accelerate 3D graphics” is checked then 3D-acceleration feature is enabled.

Disable 3D-acceleration on Fusion

  • From the VMware Fusion menu bar, select Window > Virtual Machine Library.
  • Select a virtual machine and click Settings.
  • In the Settings Window > select Display.
  • If the “Accelerate 3D graphics” is checked then 3D-acceleration feature is enabled.

You can check reports on other VMware vulnerabilities in my page dedicated to Security Advisories.

VMware vCenter Server Appliance Security Update - Backup and Restore Vulnerability

VMware vCenter Server Appliance – Backup and Restore Vulnerability

VMware has released a new security advisory VMSA-2019-0018 (VMware vCenter Server Appliance updates address sensitive information disclosure vulnerability in backup and restore functions).

This advisory documents the remediation of one issue, rated with a severity of moderate. Sensitive information disclosure vulnerabilities resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance may allow a malicious actor to intercept sensitive data in transit over FTPS, HTTPS, or SCP.

A man-in-the-middle positioned between vCenter Server Appliance and a backup target may be able to intercept data in transit during File-Based Backup and Restore operations.

The identifiers CVE-2019-5537 (data interception over FTPS and HTTPS) and CVE-2019-5538 (data interception over SCP) were assigned to this vulnerability.

Affected products and resolutions:

  • vCenter Server Appliance 6.7 – update to 6.7 Update 3a
  • vCenter Server Appliance 6.5 – update to 6.5 Update 3d

Remediation of CVE-2019-5537 and CVE-2019-5538 is not enabled by default. After upgrading vCenter Server Appliance, follow the steps in KB75156 (Enabling secure backup and restore in the vCenter Server Appliance) to enforce strict certificate validation.

You can check reports on other VMware vulnerabilities in my page dedicated to Security Advisories.

VMUG Romania February Meeting

Joe Baguley – Keynote Speaker at VMUG Romania July 2019

Next meeting from VMUG Romania marks again some unexplored avenues: Joe Baguley, Vice-President and CTO EMEA at VMware, will be the keynote speaker of the event. Two more speakers from the international VMware community will attend the meeting.

Save the date announcement was already sent to the VMUG community, for a full day event on 18th July 2019 at Point Hub, Bucharest. You can already register on the event page.

Joe Baguley
Joe Baguley

The day will start at about 10:00 in the morning with the keynote speech from Joe Baguley. Joe will talk about the latest trends in application and infrastructure evolution. He will also talk about VMware directions in research and development area. Joe is a fantastic speaker, don’t lose the opportunity to meet him face to face in Bucharest! If you never listen to Joe before, you can head to VMware Carpool Tech Talk post and check last two episodes: Joe Baguley and Rory Choudhuri discuss their early years in IT and how times have changed; they then talk about electric cars (check their verdict!).

Read More
VMware vCenter Server 6.7 Update 2

VMware vCenter Server 6.7 Update 2

VMware just released a new vCenter Server version: 6.7 Update 2, 6.7.0.30000, build 13010631. In this article I will cover some of the new features and resolved issues. I will also demonstrate how easy is to update from a previous version of vCenter Server 6.7 to VMware vCenter Server 6.7 Update 2.

In case you are looking for a plain installation of vCenter Server 6.7, you can check my other article: How to Install VCSA 6.7 (VMware vCenter Server Appliance).

VMware vCenter Server 6.7 Update 2 New Features

vCenter Server 6.7 Update 2 introduces Virtual Hardware Version 15 which adds support for creating virtual machines with up to 256 virtual CPUs.

There are few changes in vCenter backups: you can use NFS v3 (Network File System) and SMB2 (Server Message Block) protocols for file-based backup and restore operations. Also it adds version details to the “Enter backup details” page that help you to pick the correct build to restore the backup file. You can create alarm definitions to monitor the backup status of your system (using email, SNMP traps or scripts as actions).

Read More
VMware Security Advisory

VMware ESXi, Workstation, Fusion and vCloud Director Security Updates

VMware has released two new security advisories VMSA-2019-0004 (VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability) and VMSA-2019-0005 (VMware ESXi, Workstation and Fusion updates address multiple security issues).

The advisories document the remediation of these critical issues:

  • VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently logged in session.
  • VMware ESXi, Workstation and Fusion contain an out-of-bounds read/write vulnerability and a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of these issues requires an attacker to have access to a virtual machine with a virtual USB controller present. These issues may allow a guest to execute code on the host.
  • VMware Workstation and Fusion contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. This issue may allow a guest to execute code on the host.
  • VMware Workstation and Fusion updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters. Exploitation of this issue may lead to code execution on the host from the guest but it is more likely to result in a denial of service of the guest.
  • VMware Fusion contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware Tools is installed. This may further be exploited to execute commands on the guest machines.
Read More
VMUG Romania

VMUG Romania February Meeting Report

On 12 February 2019, VMUG Romania held its first meeting of this year in one of the best location we have seen so far: Journey Pub in Bucharest. More than 50 persons attended the full-day event. Two records here, one for the number of participants and the other for the event duration. Dell EMC and Bitdefender were the sponsors of this meeting.

My fellow leaders made me the honor of opening the meeting. After my short introduction, Razvan Ionescu made the announcement of the year in my opinion: the keynote speaker for VMUG Romania next meeting on 11 June 2019 will be Joe Baguley, VP and CTO VMware EMEA. Joe is an inspiring speaker, I’m confident we will have a lot to learn from him. You can watch Joe in few episodes of VMware Carpool Tech Talk. Mihai Huica then introduced a new tool we used for gathering feedback from audience.

Read More
VMUG Romania February Meeting

VMUG Romania February Meeting

Dell EMC

Four months after the previous VMUG Romania meeting, we invite you to a new event dedicated to VMware technologies. Journey Pub in Bucharest will be our host for 12 February 2019. We will have presentation sessions, demos, networking and hopefully some interesting announcements.

This is the first full-day meeting for VMUG Romania, so be patient till the end for a non-virtual craft beer tasting session.

Bitdefender

Next to VMware presentation (Cristian Radu – “Deep Dive VMware NSX-V”) and those of the sponsors Dell EMC (Cristian Stan – The Power of Hyper-Converged) and Bitdefender (Gabriel Mihai Mazarache – Security automation, performance, and response across multiple VMware clouds), we will have no less then 4 community sessions.

Read More