Security

I recently had the pleasure of upgrading two virtual appliance-based VMware Identity Manager 3.3.0 deployments to 3.3.1 using the offline update method without the assistance of vRealize Suite Lifecycle Manager. When I reviewed the update documentation, I found that this release didn’t support the offline update process I previously utilized, so I figured I’d create a quick post providing an overview of the supported update processes for 3.3.1. What Changed? In previous releases of VMware Identity Manager 3.

Just a heads up. VMware has published Security Advisory VMSA-2020-0002 (CVE-2020-3941), which details information regarding a race condition within VMware Tools 10.x.x that can allow a user to escalate their privileges on a Windows VM. This issue was assigned a CVSSv3 score of 7.8 and has the potential to affect many environments as it applies to all releases of VMware Tools 10. The vulnerability can be resolved by installing VMware Tools 11, but if you can’t upgrade to VMware Tools 11, a workaround is available in VMware KB76654.

On October 25, 2019, the Defense Information Systems Agency has made available the first updates to VMware vSphere 6.5 STIGs released earlier this year. VMware vSphere 6.5 STIG Version 1, Release 2 includes updates to both the ESXi and the Virtual Machine STIGs. Per the revision history provided in the updated STIG download, the following changes were made: VMware vSphere 6.5 ESXi STIG V-94491, V-94493, V-94495, V-94497, V94499, V-94501, V-94503, V-94513, V94515,V-94517, V-94519, V-94521, V94523, V-94525, V-94527, V-94537, V94539, V-94541, V-94551, V-94553, V94555, V-94557, V-94049 - Removed multiple duplicate requirements in ESXi STIG.

As a follow-up to my previous post providing alert content for the VMware vSphere 6.5 Virtual Machine STIG Version 1, Release 1, I have also put together new alert content for the VMware vSphere 6.5 ESXi STIG Version 1, Release 1. See the link at the bottom of the page to download the alert content XML. The following STIG items cannot be verified by vRealize Operations because the checks are user process related, the configuration values are not currently collected by vRealize Operations, or the checks involve non-VMware assets (e.

With the recent release of the VMware vSphere 6.5 Virtual Machine STIG Version 1, Release 1, I needed to create new vRealize Operations alert content to verify compliance of my virtual machines. Combined with the automated alert remediation process I described in a previous post, ensuring compliance with the new STIG requirements is easy. See the link at the bottom of the page to download the alert content XML. Unfortunately, the following STIG items can’t be verified by vRealize Operations either because the checks are user process related or the configuration values aren’t currently collected by vRealize Operations: