Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://cyberplace.social/users/GossiTheDog/statuses/114105391539321021">Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 05-Mar-2025 02:41:48 JST</a><a href="https://cyberplace.social/@GossiTheDog" title="gossithedog@cyberplace.social"><img src="https://gnusocial.jp/avatar/38360-48-20250225114715.webp" width="48" height="48" alt="Kevin Beaumont" style="position: absolute; left: 0; top: 0;">Kevin Beaumont</a><div><a href="https://cyberplace.social/@GossiTheDog/114105001097247488" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p>Good catch by <a href="https://infosec.exchange/@TomSellers">@TomSellers</a> - although VMware doesn't list ESXi 6.7 as vulnerable, it is - they've published a patch for it: <a href="https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/6-7/release-notes/esxi-update-and-patch-release-notes/vmware-esxi-67-patch-release-esxi670202503001.html" rel="nofollow noreferrer">https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/6-7/release-notes/esxi-update-and-patch-release-notes/vmware-esxi-67-patch-release-esxi670202503001.html</a></p><p>I think what's happening here is 6.7 is under premium (paid) extended support where they publish patches for high severity vulns.</p><p>This also tends to indicate it applies to other unsupported versions.  The forum post suggested that vuln worked on ESXi 5.x - no patch is available that far back.</p><p>I think this may be a big problem for many orgs.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4672334#notice-9149756">In conversation</a><time datetime="2025-03-05T02:41:48+09:00" title="Wednesday, 05-Mar-2025 02:41:48 JST">about a month ago</time> <span>from <span><a href="https://cyberplace.social/@GossiTheDog/114105391539321021" rel="external" title="Sent from cyberplace.social via ActivityPub">cyberplace.social</a></span></span><a href="https://cyberplace.social/@GossiTheDog/114105391539321021">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/4241342">Untitled attachment</a></label><br></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 05-Mar-2025 02:41:48 JSTKevin Beaumont
in reply to
- Tom Sellers
Good catch by @TomSellers - although VMware doesn't list ESXi 6.7 as vulnerable, it is - they've published a patch for it: https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/6-7/release-notes/esxi-update-and-patch-release-notes/vmware-esxi-67-patch-release-esxi670202503001.html
I think what's happening here is 6.7 is under premium (paid) extended support where they publish patches for high severity vulns.
This also tends to indicate it applies to other unsupported versions. The forum post suggested that vuln worked on ESXi 5.x - no patch is available that far back.
I think this may be a big problem for many orgs.
In conversationabout a month ago from cyberplace.socialpermalink
Attachments
1. Untitled attachment

Public

Embed Notice

HTML Code

Corresponding Notice