VMware warned customers today to install the latest security updates and disable the OpenSLP service targeted in a large-scale campaign of ransomware attacks against Internet-exposed and vulnerable ESXi servers.
The company added that the attackers aren't exploiting a zero-day vulnerability and that this service is disabled by default in ESXi software releases issued since 2021.
The threat actors also target products that are "significantly out-of-date" or have already reached their End of General Support (EOGS), according to VMware.
"VMware has not found evidence that suggests an unknown vulnerability (0-day) is being used to propagate the ransomware used in these recent attacks," VMware said.
"Most reports state that End of General Support (EOGS) and/or significantly out-of-date products are being targeted with known vulnerabilities which were previously addressed and disclosed in VMware Security Advisories (VMSAs).
"With this in mind, we are advising customers to upgrade to the latest available supported releases of vSphere components to address currently known vulnerabilities. In addition, VMware has recommended disabling the OpenSLP service in ESXi."
ESXiArgs ransomware attacks
VMware's warning comes after unknown threat actors started encrypting VMware ESXi servers unpatched against an OpenSLP security flaw (CVE-2021-21974) that unauthenticated threat actors can exploit to gain remote code execution in low-complexity attacks.
Known as ESXiArg ..