All articles tagged with #vmware
CISA warns that the actively exploited VMware vCenter Server remote-code-execution flaw CVE-2024-37079 is being used in the wild and orders U.S. federal agencies to patch within three weeks, citing a DCERPC heap overflow that enables easy remote control with no user interaction. Broadcom notes there are no mitigations, advising immediate patches to the latest vCenter Server and Cloud Foundation releases.
Broadcom has cut staff in sales, customer success, and account management following its acquisition of VMware and benefiting from the AI boom, with unspecified layoffs affecting its workforce.
Some VMware customers with perpetual licenses cannot access security patches due to support contract issues with Broadcom, increasing their vulnerability to attacks. Broadcom has promised free security patches for supported versions, but access is delayed due to entitlement validation, leaving users at risk. VMware is working on a separate patch cycle for non-entitled customers, but the situation remains suboptimal amid ongoing security concerns.
Broadcom's CEO Hock Tan highlighted strong momentum with VMware Cloud Foundation adoption among large customers, record revenue driven by AI semiconductors and infrastructure software, and progress on new Tomahawk 6 switches, signaling a bullish outlook for the company's future in tech and AI markets.
Broadcom is restructuring its VMware partner program by eliminating its lowest tier, Registered partners, and raising standards for Pinnacle and Premier partners to focus on high-performance, committed partners, especially in VMware Cloud Foundation. European partners are exempt from these changes amid regulatory scrutiny over Broadcom's business practices, which some European groups claim breach competition laws. The move aims to deepen relationships with top partners and improve customer service, while European regulators continue to investigate Broadcom's business model.
Broadcom's VMware has eliminated its lowest partner tier, Registered, to focus on higher-tier partners, aiming to strengthen its ecosystem and support for private cloud solutions, while facing industry criticism and shifting partner dynamics.
VMware has made its Workstation Pro and Fusion Pro desktop hypervisor software free for both personal and commercial use, eliminating the need for businesses and developers to purchase licenses. Despite being free, VMware plans to continue investing in the software's development, relying on revenue from its enterprise virtualization solutions. The software remains proprietary, unlike open-source alternatives like Qemu and VirtualBox. Users can download the Linux version by signing up for a Broadcom account.
VMware has made its Fusion and Workstation software free for all users, including commercial customers, as part of a strategy to simplify its product offerings following Broadcom's acquisition. The Pro versions are no longer available for purchase, and VMware is pushing customers towards subscription-based services. Some business customers have reported significant price increases post-acquisition, with VMware ending support ticketing for troubleshooting after current contracts expire.
VMware has announced that its desktop hypervisor products, VMware Fusion and VMware Workstation, are now free for all users, including commercial, educational, and personal users, effective November 11, 2024. This marks the end of the paid subscription model for these products, with all features from the previous paid versions included in the free versions. While existing support agreements will remain valid until expiration, future support will be limited to online resources and community forums. VMware plans to continue investing in these products, enhancing features and usability.
Broadcom has announced new and expanded services for VMware Cloud Foundation at VMware Explore 2024 in Barcelona, focusing on accelerating AI, enhancing cybersecurity, and supporting digital sovereignty. The updates include VMware Tanzu Data Services for streamlined data management, VMware Live Recovery for improved disaster recovery, and a new VMware vDefend Advanced Service with GenAI-based threat assistance. Broadcom is also expanding its Private Cloud Modernization Program and offering new certifications to support private cloud transitions. These initiatives aim to provide scalable, secure, and resilient cloud solutions for enterprises.
Broadcom is poised to join the trillion-dollar market capitalization club by 2030, driven by strong demand for its AI chips and networking solutions, strategic relationships with major tech companies, and the growth potential from its VMware acquisition. The company's diversified client base and robust revenue projections make it a compelling investment for long-term investors.
VMware's hypervisors have been found to have four significant flaws, with the most severe ones allowing a malicious actor with local administrative privileges on a virtual machine to execute code outside the guest. VMware has urged an emergency change to address these vulnerabilities, which affect its Workstation, Fusion, and ESXi hypervisors. The flaws were discovered by researchers at the Tianfu Cup Pwn Contest, and VMware has provided workarounds while acknowledging potential challenges in implementing them at scale.
VMware has released patches for critical vulnerabilities affecting VMware ESXi, Workstation, Fusion, and Cloud Foundation products, including out-of-support versions, that allow hackers to escape sandbox and hypervisor protections. The vulnerabilities, rated as severe, could allow an attacker with local administrative privileges to execute code on the host machine. VMware is urging customers to apply the patches and has provided workarounds, while also stating that it is not aware of any active exploitation of the vulnerabilities.
VMware has released security updates to address critical sandbox escape vulnerabilities in its ESXi, Workstation, Fusion, and Cloud Foundation products, which could allow attackers to escape virtual machines and access the host operating system. The vulnerabilities, with severity ratings ranging from 7.1 to 9.3, include use-after free bugs in USB controllers, an out-of-bounds write flaw, and an information disclosure problem. System administrators are advised to apply the patches promptly and consider implementing workarounds to mitigate the risks. VMware has also provided guidance on response planning and workaround/fix implementation for specific products and configurations, emphasizing the importance of prompt patching.
VMware has issued a security advisory addressing vulnerabilities in ESXi, Workstation, Fusion, and Cloud Foundation that could potentially allow a cyber threat actor to take control of affected systems. CISA advises users and administrators to review the advisory (VMSA-2024-0006) and apply the required updates.