Ransomware gangs love this stupid but deadly ESXi bug


Do you have your VMware ESXi hypervisor connected to Active Directory? Well, the latest news from Microsoft serves as a reminder that you might not want to do that given the recently patched vulnerability that has security experts deeply concerned.

CVE-2024-37085 only has a CVSS score of 6.8, but has been used as a post-compromise technique by many of the world's most high-profile ransomware groups and their affiliates, including Black Basta, Akira, Medusa, and Octo Tempest/Scattered Spider.

The vulnerability allows an attacker who has the necessary privileges to create AD groups (which does not necessarily require being an AD administrator) to gain full control of an ESXi hypervisor.

This is bad for obvious reasons. Having unrestricted access to all running VMs and critical host servers gives attackers the ability to steal data, move laterally across the victim's network, or simply wreak havoc by terminating processes and encrypting the file system.
