VMware fixes 2 data corruption bugs and VM to Host escape vulnerability!

alert

Last couple of weeks were definitely busy for the VMware developers. Not only they released vSphere 6.7 U1. They were also busy fixing two critical data corruption bugs: when running VM snapshots on VMFS after disk extends using vSAN 6.6 and later Another important fixed issue is VM escape possibility… Continue reading

Mitigate Spectre and Meltdown impact with vSphere ESXi

Meltdown-Spectre

As most of the folks in the IT, I’ve spent last couple of days researching about famous Spectre and Meltdown attacks and their possible impact to our infrastructure. These security flaws are especially bad, not only because they’ve been here for more than 2 decades, but mitigation comes with significant… Continue reading

Security issue after updating to vCenter 6.0

I did a crazy thing last week, I decided to update our vCenter appliance (VCSA) from version 5.5U3a to version 6.0 Update1 3040890. I was surprised how flawlessly it went. It was finished in couple of hours, “almost” everything was working as expected, so big success 🙂 Until users started… Continue reading

ALERT: VENOM Vulnerability CVE-2015-3456, Clouds Exposed!

alert

Crowdstrike disclosed a serious VM Escape vulnerability – codename VENOM, CVE-2015-3456 which has been around here since 2004. This one is especially serious because it is affecting the VMs in their default configuration and could be also affecting thousands of the VMs in cloud. This vulnerability may allow an attacker… Continue reading