Notices where this attachment appears
-
Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 05-Mar-2025 02:41:48 JST 
Kevin Beaumont
Good catch by @TomSellers - although VMware doesn't list ESXi 6.7 as vulnerable, it is - they've published a patch for it: https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/6-7/release-notes/esxi-update-and-patch-release-notes/vmware-esxi-67-patch-release-esxi670202503001.html
I think what's happening here is 6.7 is under premium (paid) extended support where they publish patches for high severity vulns.
This also tends to indicate it applies to other unsupported versions. The forum post suggested that vuln worked on ESXi 5.x - no patch is available that far back.
I think this may be a big problem for many orgs.
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.