VMSA-2021-0028: Critical VMware Security Advisory (Multiple Products; Apache Log4j Vulnerability)

On Friday, December 10, 2021, VMware released VMware Security Advisory VMSA-2021-0028, which affects numerous VMware products, including vCenter Server. The advisory concerns the Apache Log4j vulnerability CVE-2021-44228, which has a CVSSv3 score of 10 out of 10.

Resources:

VMSA-2021-0028: https://www.vmware.com/security/advisories/VMSA-2021-0028.html
FAQ: https://via.vmw.com/vmsa-2021-0028-faq
Unaffected VMware products are listed in the Knowledge Base article: https://kb.vmware.com/s/article/87068
VMware Blog “Investigating the Log4j Vulnerability”: https://blogs.vmware.com/security/2021/12/investigating-cve-2021-44228-log4shell-vulnerability.html

The key takeaway is that IMMEDIATE ACTION IS REQUIRED. The workaround should be applied to all running products immediately.

This vulnerability is being actively exploited in the wild and should be treated as an emergency change with the highest priority.

This vulnerability is in the open-source Apache Log4j Java logging library, which is used in numerous software packages. This is not a VMware-specific issue.

Additional background information:
Tech Solvency Log4Shell log4j vulnerability (CVE-2021-44228) – cheat-sheet reference guide

Birmingham AL VMUG – October 2021

#vCommunity – Get involved on Twitter:

@ShanFitz, @vMiklm, @DerrickSkipwith, @BhamVMUG, @myVMUG, @vExpert, @VMware, @VMworld

#vExpert

VMworld session replays: vmware.com/vmworld

Recommended sessions:

Multi-Cloud:

MCL1833 – 10 Things You Need to Know About Project Monterey

MCL1853 – 60 Minutes of Non-Uniform Memory Access (NUMA) 3rd Edition

MCL3222 – VMware Cloud on AWS Outposts: Bring VMware Cloud to Your Data Center

MCL1635 – Extreme Performance Series: Performance Best Practices (vSphere 7 Performance Best Practices Whitepaper)

MCL1277 – A Big Update on vRealize Operations (also recommend: vROps VM Performance Dashboard Deepdive https://youtu.be/9BH7cEJAlu0)

MCL1202 – VMware DRaaS

MCL2768S – Dell APEX Cloud Services with VMware Cloud

MCL1453 – Introducing VMware Project Capitola

MCL2019 – What’s New: Skyline Pro

App Modernization:

APP1482 – Explore Tanzu Community Edition
(How-to blog for Tanzu CE on MacOS: https://www.samakroyd.com/2021/10/06/tanzu-community-edition-on-macos/)

APP2183 – Introduction to Kubernetes for the vSphere Admin (also: kube.academy)

End User Services:

EUS1289 – VDI Nerdfest 2021: Demos That Make Admins Drool

Security:

SEC1287 – Mount a Robust Defense in Depth Strategy Against Ransomware

vSphere Security Configuration guide