Arraya Insights | May 5, 2020
It can be tough to keep up with applying patches under normal circumstances, and the last few weeks have certainly been anything but normal. However, if you use vCenter Server 6.7 (with embedded or external platform services controller [PSC]) to help manage your organization’s data center, you’ll want patching at the top of your team’s to-do list. Earlier this month, VMware disclosed a high-risk vulnerability affecting certain versions of vCenter Server 6.7 and PSC, one that checks in at 10 out of 10 on the CVSS v3 scale. If left unaddressed, this vulnerability leaves vCenter Server and other critical services dangerously exposed.
The vulnerability documented in VMSA-2020-0006 exists in VMware Directory Service (vmdir), one of the component tools found in vCenter Server. Essentially, it leaves this utility unable to manage access controls correctly. As a result, any solution that depends upon vmdir for identity authentication, including vCenter Server, could be compromised by attackers. At that point, cyber criminals could spin up their own admin accounts and grant themselves free rein throughout an environment.
Here’s the thing: not all instances of vCenter 6.7 are impacted by the vulnerability. A deployment must meet a few qualifications in order to be considered at risk. First off, the instance must predate the 6.7u3f upgrade. A deployment must also have been upgraded from a previous incarnation of the vCenter Server family (6.5, 6.0, etc.). Brand new vCenter Server deployments should be unaffected by the vulnerability, according to VMware. So how worried should organizations be whose vCenter Server deployments do check off all those boxes? A representative from the virtualization giant offered a sufficiently ominous answer to that exact question in a blog post detailing the vulnerability, responding: “very worried.” This was aimed directly at organizations whose internal policies or structures deemphasize patching or that make changing on the fly difficult.
Remediating this vulnerability is straightforward enough. Environment admins should locate and apply the most recent available update in their vCenter Server Appliance Management Interface (VAMI). It’s worth noting that there might be multiple updates listed, so it’s important to pick the most current version. Additionally, it’s best practice to have a system-wide backup on hand prior to implementing the patch just in case something were to go wrong. Finally, admins should be sure they update all vCenter Server and PSC instances within their organization’s data center.
At the moment, there is no direct workaround for this issue. Firewalls or even network segmentation strategies can be used to mitigate the hazard; however, doing so is not a true fix. Further, it may add greater complexity to already intricate environments. Instead, an organization’s best defense is patching. Only after its full complement of vCenter Server and PSC solutions is upgraded to the 6.7u3f level will an environment be secured against this potentially devastating threat.
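The exposure criteria and the "patch every instance" rule above can be turned into a quick inventory triage. The following is an added example, not code from Arraya or VMware; the inventory fields (`host`, `role`, `version`, `origin`), the status names, and the hostnames are assumptions made for illustration.

```python
import re

FIXED_UPDATE = (3, "f")  # 6.7u3f, the fixed level named in the article

# Accepts labels such as "6.7", "6.7u1", "6.7 U3b", "6.7 Update 3f".
LABEL = re.compile(r"^\s*(\d+)\.(\d+)\s*(?:u(?:pdate)?\s*(\d+)([a-z]?))?\s*$", re.I)

def parse_label(label):
    """Return ((major, minor), (update, letter)) for a version label."""
    m = LABEL.match(label)
    if not m:
        raise ValueError(f"unrecognised version label: {label!r}")
    major, minor, update, letter = m.groups()
    return (int(major), int(minor)), (int(update or 0), (letter or "").lower())

def triage(node):
    """Classify one vCenter Server or PSC node against the article's criteria."""
    release, update = parse_label(node["version"])
    if release != (6, 7):
        return "out-of-scope"          # the article covers 6.7 only
    if update >= FIXED_UPDATE:
        return "patched"
    if node["origin"] == "upgrade":    # upgraded from 6.5, 6.0, etc.
        return "at-risk"
    if node["origin"] == "fresh":      # unaffected per VMware, still below the fix
        return "below-fix-fresh-install"
    return "verify-history"            # unknown history: treat as at risk until checked

def environment_remediated(nodes):
    """True only when every 6.7 node is at 6.7u3f or later."""
    return all(triage(n) in ("patched", "out-of-scope") for n in nodes)

# Constructed inventory; hostnames and fields are illustrative.
INVENTORY = [
    {"host": "vc01.example.test",  "role": "vcenter", "version": "6.7u3b", "origin": "upgrade"},
    {"host": "psc01.example.test", "role": "psc",     "version": "6.7 U3f", "origin": "upgrade"},
    {"host": "vc02.example.test",  "role": "vcenter", "version": "6.7u2",  "origin": "fresh"},
    {"host": "vc03.example.test",  "role": "vcenter", "version": "6.7u1",  "origin": "unknown"},
]

if __name__ == "__main__":
    for node in INVENTORY:
        print(f'{node["host"]:20} {node["version"]:8} {triage(node)}')
    print("environment remediated:", environment_remediated(INVENTORY))
```

A node whose deployment history cannot be confirmed is reported separately so it is checked rather than assumed to be a fresh install.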
Next Steps: Keeping your vCenter Server and data center safe
Need a hand updating your vCenter Server and PSC instances against this vulnerability? Arraya can help. Our managed services team can deploy the patches and updates needed to keep vCenter (and other solutions) secure. Arraya’s in-house experts can also help your organization take stock of its current level of exposure as well as devise and execute a remediation plan. You can start a dialogue with our team by visiting https://www.arrayasolutions.com/contact-us/.
Also, don’t forget, you can leave us a comment on this or any of our blogs through social media. Arraya can be found on LinkedIn, Twitter, and Facebook. While you’re there, follow us to stay up to date on our industry insights and unique IT learning opportunities.