Critical VMware ESXi Vulnerability Exploited by Ransomware Groups, Microsoft Reports

Microsoft’s threat intelligence team recently reported that ransomware groups have exploited CVE-2024-37085, a critical VMware ESXi hypervisor vulnerability with a CVSS score of 6.8.

This flaw, patched by VMware less than a week ago, has been used by cybercriminals, including groups like Storm-0506, Storm-1175, and Octo Tempest, to deploy ransomware on domain-joined systems and enterprise networks.

Despite its exploitation in the wild, VMware labeled the security issue only as “Moderate” and provided patches for certain versions. The vulnerability allows unauthorized access to ESXi hosts by abusing Active Directory (AD) permissions: attackers recreate deleted AD groups such as “ESXi Admins.”

Read more – Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi Flaw