VMware Security Advisory

VMware ESXi, Workstation, and Fusion Security Updates – VMSA-2019-0019

VMware has released a new security advisory VMSA-2019-0019 (VMware ESXi, Workstation, and Fusion updates address a denial-of-service vulnerability).

This advisory documents the remediation of one issue, rated with a severity of moderate. VMware ESXi, Workstation and Fusion contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VMs.

Exploitation of this issue require an attacker to have access to a virtual machine with 3D graphics enabled. By default, this functionality is not enabled on ESXi and is enabled on Workstation and Fusion.

The identifier CVE-2019-5536 was assigned to this vulnerability.

Affected products and resolutions:

  • ESXi 6.7 – apply patch ESXi670-201908101-SG
  • ESXi 6.5 – apply patch ESXi650-201910401-SG
  • Workstation 15.x – update to 15.5.0
  • Fusion 11.x – update to 11.5.0

The workaround for this issue involves disabling the 3D-acceleration feature.

Disable 3D-acceleration on ESXi

  • With Host Client or vCenter, go to the individual VM > Edit Settings > Virtual hardware > Video card.
  • If the “3D Graphics” is checked then 3D-acceleration feature is enabled.

Disable 3D-acceleration on Workstation

  • Select virtual machine and select VM > Settings.
  • On the Hardware tab, select Display.
  • If the “Accelerate 3D graphics” is checked then 3D-acceleration feature is enabled.

Disable 3D-acceleration on Fusion

  • From the VMware Fusion menu bar, select Window > Virtual Machine Library.
  • Select a virtual machine and click Settings.
  • In the Settings Window > select Display.
  • If the “Accelerate 3D graphics” is checked then 3D-acceleration feature is enabled.

You can check reports on other VMware vulnerabilities in my page dedicated to Security Advisories.

VMware vCenter Server Appliance Security Update - Backup and Restore Vulnerability

VMware vCenter Server Appliance – Backup and Restore Vulnerability

VMware has released a new security advisory VMSA-2019-0018 (VMware vCenter Server Appliance updates address sensitive information disclosure vulnerability in backup and restore functions).

This advisory documents the remediation of one issue, rated with a severity of moderate. Sensitive information disclosure vulnerabilities resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance may allow a malicious actor to intercept sensitive data in transit over FTPS, HTTPS, or SCP.

A man-in-the-middle positioned between vCenter Server Appliance and a backup target may be able to intercept data in transit during File-Based Backup and Restore operations.

The identifiers CVE-2019-5537 (data interception over FTPS and HTTPS) and CVE-2019-5538 (data interception over SCP) were assigned to this vulnerability.

Affected products and resolutions:

  • vCenter Server Appliance 6.7 – update to 6.7 Update 3a
  • vCenter Server Appliance 6.5 – update to 6.5 Update 3d

Remediation of CVE-2019-5537 and CVE-2019-5538 is not enabled by default. After upgrading vCenter Server Appliance, follow the steps in KB75156 (Enabling secure backup and restore in the vCenter Server Appliance) to enforce strict certificate validation.

You can check reports on other VMware vulnerabilities in my page dedicated to Security Advisories.

VMUG Romania February Meeting

Joe Baguley – Keynote Speaker at VMUG Romania July 2019

Next meeting from VMUG Romania marks again some unexplored avenues: Joe Baguley, Vice-President and CTO EMEA at VMware, will be the keynote speaker of the event. Two more speakers from the international VMware community will attend the meeting.

Save the date announcement was already sent to the VMUG community, for a full day event on 18th July 2019 at Point Hub, Bucharest. You can already register on the event page.

Joe Baguley
Joe Baguley

The day will start at about 10:00 in the morning with the keynote speech from Joe Baguley. Joe will talk about the latest trends in application and infrastructure evolution. He will also talk about VMware directions in research and development area. Joe is a fantastic speaker, don’t lose the opportunity to meet him face to face in Bucharest! If you never listen to Joe before, you can head to VMware Carpool Tech Talk post and check last two episodes: Joe Baguley and Rory Choudhuri discuss their early years in IT and how times have changed; they then talk about electric cars (check their verdict!).

Read More
VMware vCenter Server 6.7 Update 2

VMware vCenter Server 6.7 Update 2

VMware just released a new vCenter Server version: 6.7 Update 2, 6.7.0.30000, build 13010631. In this article I will cover some of the new features and resolved issues. I will also demonstrate how easy is to update from a previous version of vCenter Server 6.7 to VMware vCenter Server 6.7 Update 2.

In case you are looking for a plain installation of vCenter Server 6.7, you can check my other article: How to Install VCSA 6.7 (VMware vCenter Server Appliance).

VMware vCenter Server 6.7 Update 2 New Features

vCenter Server 6.7 Update 2 introduces Virtual Hardware Version 15 which adds support for creating virtual machines with up to 256 virtual CPUs.

There are few changes in vCenter backups: you can use NFS v3 (Network File System) and SMB2 (Server Message Block) protocols for file-based backup and restore operations. Also it adds version details to the “Enter backup details” page that help you to pick the correct build to restore the backup file. You can create alarm definitions to monitor the backup status of your system (using email, SNMP traps or scripts as actions).

Read More
VMware Security Advisory

VMware ESXi, Workstation, Fusion and vCloud Director Security Updates

VMware has released two new security advisories VMSA-2019-0004 (VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability) and VMSA-2019-0005 (VMware ESXi, Workstation and Fusion updates address multiple security issues).

The advisories document the remediation of these critical issues:

  • VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently logged in session.
  • VMware ESXi, Workstation and Fusion contain an out-of-bounds read/write vulnerability and a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of these issues requires an attacker to have access to a virtual machine with a virtual USB controller present. These issues may allow a guest to execute code on the host.
  • VMware Workstation and Fusion contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. This issue may allow a guest to execute code on the host.
  • VMware Workstation and Fusion updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters. Exploitation of this issue may lead to code execution on the host from the guest but it is more likely to result in a denial of service of the guest.
  • VMware Fusion contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware Tools is installed. This may further be exploited to execute commands on the guest machines.
Read More
VMUG Romania

VMUG Romania February Meeting Report

On 12 February 2019, VMUG Romania held its first meeting of this year in one of the best location we have seen so far: Journey Pub in Bucharest. More than 50 persons attended the full-day event. Two records here, one for the number of participants and the other for the event duration. Dell EMC and Bitdefender were the sponsors of this meeting.

My fellow leaders made me the honor of opening the meeting. After my short introduction, Razvan Ionescu made the announcement of the year in my opinion: the keynote speaker for VMUG Romania next meeting on 11 June 2019 will be Joe Baguley, VP and CTO VMware EMEA. Joe is an inspiring speaker, I’m confident we will have a lot to learn from him. You can watch Joe in few episodes of VMware Carpool Tech Talk. Mihai Huica then introduced a new tool we used for gathering feedback from audience.

Read More
VMUG Romania February Meeting

VMUG Romania February Meeting

Dell EMC

Four months after the previous VMUG Romania meeting, we invite you to a new event dedicated to VMware technologies. Journey Pub in Bucharest will be our host for 12 February 2019. We will have presentation sessions, demos, networking and hopefully some interesting announcements.

This is the first full-day meeting for VMUG Romania, so be patient till the end for a non-virtual craft beer tasting session.

Bitdefender

Next to VMware presentation (Cristian Radu – “Deep Dive VMware NSX-V”) and those of the sponsors Dell EMC (Cristian Stan – The Power of Hyper-Converged) and Bitdefender (Gabriel Mihai Mazarache – Security automation, performance, and response across multiple VMware clouds), we will have no less then 4 community sessions.

Read More
PowerCLI 11.1.0

PowerCLI 11.1.0 – More on Linux Side

During the last few days of December 2018, VMware released the 6th PowerCLI version of the year: PowerCLI 11.1.0. The coolest new features move around Site Recovery Manager:

  • Support for SRM module in MacOS and Linux
  • Support for Site Recovery Manager 8.1 API features
  • VMware.VimAutomation.Storage module received updates on 2 cmdlets: Get-VsanDisk and Start-SpbmReplicationTestFailover

There is nothing new on the install / update routines for Windows, so if you need guidance you can take a look at one of my previous article: VMware PowerCLI 10.1.0.

Read More
How to Upgrade ESXi from 6.5 to 6.7 with Command Line

How to Upgrade ESXi from 6.5 to 6.7 with Command Line

In a previous post I wrote about how to update ESXi 6.5 using Command Line. It’s 6.7 time now, so here is the article explaining how to upgrade ESXi from 6.5 to 6.7 with the command line (esxcli). This method works either the ESXi server is standalone or added to a vCenter Server (I will use no component of vCenter Server).

As a prerequisite, I placed the ESXi 6.5 server in maintenance mode.

Upgrade ESXi from 6.5 to 6.7 with Command Line - Maintenance Mode

Upgrade ESXi from 6.5 to 6.7 with Command Line – Check ESXi Version

To find the current version of ESXi, after I connected with PuTTY to the server, I ran this command:

esxcli system version get

Upgrade ESXi from 6.5 to 6.7 with Command Line - Check ESXi Version
Read More
Install VCSA 6.7

How to Install VCSA 6.7 (VMware vCenter Server Appliance)

In this article I will show you how to install VCSA 6.7 (VMware vCenter Server Appliance).

To start, you need an installation kit of vCenter Server Appliance 6.7. For this article, I will use the VCSA 6.7 Update 1 version – VMware-VCSA-all-6.7.0-10244745.iso (the latest available at the time I wrote this article).

Note: If you look for VCSA upgrade instructions, check this article: How to Upgrade vCenter Server Appliance from 6.5 to 6.7 – Stage 1.

Install VCSA 6.7 (VMware vCenter Server Appliance) – Stage 1

To launch the installer I will use a Windows virtual machine (alternatively you can use a Mac or a Linux system). Unzip the archive and navigate to VMware-VCSA-all-6.7.0-10244745\vcsa-ui-installer\win32 folder. Launch installer.exe and begin to install VCSA 6.7.

Install VCSA 6.7 - installer.exe

Read More