Friday, February 18, 2022

VMSA-2022-0004

Three days ago VMware announced another critical vulnerability, tracked as CVE-2021-22040 and CVE-2021-22041, in the virtual machine USB controllers: a "malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host." All ESXi 6.x and 7.x, Fusion 12.x and Workstation 16.x versions are vulnerable to this exploit. Fortunately, a patch has been released that fixes the issue (for example, ESXi 7.0 Update 3c), and there is also a workaround for the mentioned vulnerabilities. For more information, see VMSA-2022-0004.

The link below also has an attached file that you can use to list all VMs with a connected USB controller and to remove those controllers automatically: KB87617.
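
The list-then-remove workaround described above, as an added PowerCLI example (not the file attached to KB87617 and not VMware's code). It assumes PowerCLI is installed and a `Connect-VIServer` session is already open; the function names `Get-VMUsbController` and `Remove-VMUsbController` are hypothetical.

```powershell
# Added example. Assumes VMware PowerCLI and an existing Connect-VIServer session.
# Function names are hypothetical; this is not the script attached to KB87617.

function Find-UsbDevice($vm) {
    # Classic USB controllers and xHCI controllers are separate vSphere API types.
    $cfg = $vm.ExtensionData.Config
    if (-not $cfg) { return }          # inaccessible or orphaned VM: nothing to read
    $cfg.Hardware.Device | Where-Object {
        $_ -is [VMware.Vim.VirtualUSBController] -or
        $_ -is [VMware.Vim.VirtualUSBXHCIController]
    }
}

function Get-VMUsbController {
    # Report only: one row per USB controller found in the inventory.
    [CmdletBinding()]
    param([string]$Name = '*')
    foreach ($vm in Get-VM -Name $Name) {
        foreach ($dev in Find-UsbDevice $vm) {
            [pscustomobject]@{
                VM         = $vm.Name
                PowerState = $vm.PowerState
                Controller = $dev.DeviceInfo.Label
                Type       = $dev.GetType().Name
            }
        }
    }
}

function Remove-VMUsbController {
    # Removes every USB controller from the named VM(s); supports -WhatIf / -Confirm.
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([Parameter(Mandatory)][string]$Name)
    foreach ($vm in Get-VM -Name $Name) {
        $usb = @(Find-UsbDevice $vm)
        if ($usb.Count -eq 0) { continue }
        $spec = New-Object VMware.Vim.VirtualMachineConfigSpec
        $spec.DeviceChange = [VMware.Vim.VirtualDeviceConfigSpec[]]@(foreach ($dev in $usb) {
            $change = New-Object VMware.Vim.VirtualDeviceConfigSpec
            $change.Operation = [VMware.Vim.VirtualDeviceConfigSpecOperation]::remove
            $change.Device = $dev
            $change
        })
        if ($PSCmdlet.ShouldProcess($vm.Name, "Remove $($usb.Count) USB controller(s)")) {
            $vm.ExtensionData.ReconfigVM($spec)
        }
    }
}

Get-VMUsbController | Sort-Object VM | Format-Table -AutoSize
```

Run `Remove-VMUsbController -Name <vm> -WhatIf` first to see which VMs would be reconfigured before anything is changed.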

 
