Just looking at this CVSS 9.3 about #VMware #ESXi
https://www.vmware.com/security/advisories/VMSA-2022-0033.html
Is it worth breaking the Christmas change freeze by classing this as an emergency change? It is a 9.3 after all.
I can't see any evidence of any proof of concept. I can see there's the workaround of removing the USB controller, but I've yet to find out if this is going to involve reboots on Windows servers. I know I can easily test it, and I'll get there a bit later this afternoon.
In the meantime, if any of you have any answers to these questions, I'd be most grateful:
- Do you know if there's a public PoC?
- Do you know if removing the USB 2.0 controller needs a reboot?