Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/shibashecurity/statuses/109517074372222074">Mat DJ 🐶 :verified_paw: :donor: (shibashecurity@infosec.exchange)'s status on Thursday, 15-Dec-2022 19:59:42 JST</a><a href="https://infosec.exchange/@shibashecurity" title="shibashecurity@infosec.exchange"><img src="https://gnusocial.jp/avatar/28440-48-20241006051806.webp" width="48" height="48" alt="Mat DJ 🐶 :verified_paw: :donor:" style="position: absolute; left: 0; top: 0;">Mat DJ 🐶 :verified_paw: :donor:</a></section><article><p>Just looking at this CVSS 9.3 about <a href="https://infosec.exchange/tags/VMware" rel="tag">#VMware</a> <a href="https://infosec.exchange/tags/ESXi" rel="tag">#ESXi</a> </p><p><a href="https://www.vmware.com/security/advisories/VMSA-2022-0033.html" rel="nofollow noreferrer">https://www.vmware.com/security/advisories/VMSA-2022-0033.html</a></p><p>Is it worth breaking the Christmas change freeze by classing this as an emergency change? It is a 9.3 after all.</p><p>I can't see any evidence of any proof on concept. I can see there's the workaround of removing the USB controller, but I've yet to find out if this is going to involve reboots on Windows servers. I know I can easily test it, and I'll get there a bit later this afternoon.</p><p>In the meantime, if any of you have any answers to these questions, I'd be most grateful:</p><p>- Do you know if there's a public PoC?</p><p>- Do you know if removing the USB 2.0 controller needs a reboot?</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/855956#notice-1744652">In conversation</a><time datetime="2022-12-15T19:59:42+09:00" title="Thursday, 15-Dec-2022 19:59:42 JST">Thursday, 15-Dec-2022 19:59:42 JST</time> <span>from <span><a href="https://infosec.exchange/@shibashecurity/109517074372222074" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@shibashecurity/109517074372222074">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/487496">Untitled attachment</a></label><br></li><li><label><a rel="external" href="https://gnusocial.jp/attachment/487497">Untitled attachment</a></label><br></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Mat DJ 🐶 :verified_paw: :donor: (shibashecurity@infosec.exchange)'s status on Thursday, 15-Dec-2022 19:59:42 JST Mat DJ 🐶 :verified_paw: :donor:
Just looking at this CVSS 9.3 about #VMware #ESXi
https://www.vmware.com/security/advisories/VMSA-2022-0033.html
Is it worth breaking the Christmas change freeze by classing this as an emergency change? It is a 9.3 after all.
I can't see any evidence of any proof on concept. I can see there's the workaround of removing the USB controller, but I've yet to find out if this is going to involve reboots on Windows servers. I know I can easily test it, and I'll get there a bit later this afternoon.
In the meantime, if any of you have any answers to these questions, I'd be most grateful:
- Do you know if there's a public PoC?
- Do you know if removing the USB 2.0 controller needs a reboot?
In conversationThursday, 15-Dec-2022 19:59:42 JST from infosec.exchangepermalink
Attachments
1. Untitled attachment
2. Untitled attachment

Public

Embed Notice

HTML Code

Corresponding Notice