Preparing for the CISA emergency directive

CISA order to address VMware security threat

CISA has been in the process of releasing guidelines for critical infrastructure networks. However, in mid-May 2022, a new emergency directive was issued.

The directive is aimed at five specific VMware-based services, as CISA determines they are “unacceptable federal risk.”

The vulnerabilities exist within: Mware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager, respectively.

As it stands, the threat level for these vulnerabilities is rated as critical, and any service, network, or industry making use of them must take the appropriate measures as soon as possible. The threats are based on a “template injection” which then can execute as a remote control order, giving an unknown third-party lateral access to the targeted system.

If you use VMware, be on immediate alert for patches addressing these vulnerabilities. At the time of this article’s publishing, it should be distributed.

VMware is a cloud platform widely used for their virtualization/cloud services. But when breaches occur, it can affect their entire client base. Patching is important to mitigate the potential fallout and damage of breaches, or stop them outright. VMware also published a blog about the patches with solutions and workarounds, which you can find here.

Primarily, CISA’s emergency action is directed at federal agencies, whether in part or whole. This relates to critical infrastructure and federal/government bodies. However, anyone using VMware should still be on guard and apply patches as needed.

This isn’t the first emergency directive, and in fact marks the 10th since 2019. One of the most recent directives was related to the Log4j vulnerability, which has also received numerous patches and emergency directives.

Keeping your network safe is critical. If you are an associated industry, patch as soon as possible. If you need additional assistance, contact Bytagig for additional remote-support information.

Share this post: