So VMware released a security advisory (VMSA-2019-0009) about vulnerable VMware Tools.
In short it is recommended to upgrade all VMware Tools to at least version 10.3.10 (Build 10346) which is the newest at the time of writing.
After patching ESXi to the latest build, you might realize that the VMware tools you are left with, after upgrading the tools, in a VM, is 10.3.5 (build 10341) Continue reading How to upgrade to VMware Tools 10.3.10
Often when I do health checks on vSphere environments I come across VMs that have multiple vNics. That can be a serious security risk if these vNics are connected to different security zones. A VM that is connected both to a DMZ and to a Administration network could allow a hacker easy access to more privileged networks. Sometimes this configuration is acceptable if the operating system is designed to handle it, if for instance we are dealing with a firewall.
I often find VMs that have a configuration where one of the network adapters is disconnected. Sometimes the second vNic was forgotten, and other times it is connected from vCenter when access to the secondary network is wanted for some kind of maintenance.
There is a settings on the virtual network adapter called “allowGuestControl”, and I was wondering if this setting could be a security issue. Could a hacker enable the disconnected network adapter from within the guest operating system, and thereby gain access to a privileged network? Continue reading VMs with multiple vNics could be a security risk
