Posts Tagged ‘Microsoft Active Directory’

Part 53: HOW NOT TO: Compromise your VMware vSphere Hypervisor ESXi 5.1, 5.5, 6.0, 6.5, 6.7, 7.0, 8.0 by adding to Microsoft Active Directory

Saturday, October 19th, 2024

In this video presentation which is part of the Hancock’s VMware Half Hour I will show you HOW NOT TO: Compromise your VMware vSphere Hypervisor ESXi 5.1, 5.5, 6.0, 6.5, 6.7, 7.0, 8.0 by adding to Microsoft Active Directory. I will demonstrate the exposure, and discuss how to avoid it.

In this video demonstration the ESXi servers are ESXi ARM 7.0, but the same functionality has been built into ESXi since 5.1.

On the 29th July 2024, Microsoft  discovered a vulnerability in ESXi hypervisors being exploited by several ransomware operators to obtain full administrative permissions on domain-joined ESXi hypervisors.

this publication is here – https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/

VMware vExperts – Christian Mohn wrote about it here – VMware vSphere CVE-2024-37085 – A Nothing Burger

and Bob Plankers goes into more detail here – Thoughts on CVE-2024-37085 & VMSA-2024-0013

Please have a read of these publications.

Broadcom have issued updates and fixes to vSphere 7.0 and 8.0, and VCF 4.x and 5.x only. There is no security update for 6.7.

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505

Post to Twitter

HOW TO: Check if you have compromised your VMware ESXi 8.0 Hosts if you have added them to Microsoft Active Directory

Monday, August 26th, 2024

This video was created in response to Experts Exchange members asking the question “have I compromised my ESXi host be adding to AD?”

In this video presentation which is part of the Hancock’s VMware Half Hour I will show you HOW TO: Check if you have compromised your VMware ESXi 8.0 Hosts if you have added them to Microsoft Active Directory.

In this video demonstration the ESXi servers are ESXi 8.0.3, which have the “fix” detailed below

Secure Default Settings for ESXi Active Directory integration

To demonstrate the differences between a compromised and non-compromised server, I have deliberately changed the default settings on esxi002.cyrus-consultants.co.uk, so the server can be compromised.
HOW NOT TO: Compromise your VMware vSphere Hypervisor ESXi 5.1, 5.5, 6.0, 6.5, 6.7, 7.0, 8.0 by adding to Microsoft Active Directory

On the 29th July 2024, Microsoft  discovered a vulnerability in ESXi hypervisors being exploited by several ransomware operators to obtain full administrative permissions on domain-joined ESXi hypervisors.

this publication is here – https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/

VMware vExperts – Christian Mohn wrote about it here – VMware vSphere CVE-2024-37085 – A Nothing Burger

and Bob Plankers goes into more detail here – Thoughts on CVE-2024-37085 & VMSA-2024-0013

Please have a read of these publications.

Broadcom have issued updates and fixes to vSphere 7.0 and 8.0, and VCF 4.x and 5.x only. There is no security update for 6.7.

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505

Post to Twitter

HOW TO: Update VMware vSphere vCenter Server 8.0.3 to 8.0.3a using the Reduced Downtime Upgrade (RDU) function

Monday, August 26th, 2024

VMware vCenter Server 8.0.3a  Build 24091160 was released on the 17th July 2024.

In this video presentation which is part of the Hancock’s VMware Half Hour I will show you HOW TO: Update VMware vSphere vCenter Server 8.0.3 to 8.0.3a using the Reduced Downtime Upgrade (RDU) function.

This procedure can be used to update any VMware vCenter Server 8.0 update in the future. VMware have released a new feature in later versions of VMware vSphere vCenter 8.0 called the Reduced Downtime Upgrade (RDU), which reduces downtime from over 60, minutes to 10 minutes. We would traditionally use the VAMI method here

HOW TO: Update VMware vSphere vCenter Server 8.0.2 (8.0u2d) 8.0.2 to 8.0.3 using the (VAMI) Appliance Management Interface

but RDU only takes 15 minutes, but it does require the original vCenter Server 8.0.3 iso media!

At the time of this recording, VMware vCenter Server 8.0 Update 3a was the latest version available from VMware.

VMware vCenter Server 8.0 Update 3a Release Notes

HOW TO: Update VMware vSphere vCenter Server 8.0.2 (8.0u2d) 8.0.2 to 8.0.3 using the Reduced Downtime Upgrade (RDU) function

Videos mentioned in this video, this method can be used to backup the vCenter Server database.

HOW TO: Use the vCenter Server 7.0.3 vCenter Server Appliance Management Interface (VAMI) to backup the database and configuration of your vCenter Server

HOW TO: Restore a vCenter Server backup to restore a production vCenter Server 8.0 appliance

HOW TO: Update VMware ESXi 8.0 GA to ESXi 8.0U2 direct from VMware remotely using the ESXCLI tool installed on Windows 10

HOW TO: Remediate a vSphere Cluster VMware ESXi 8.0U2 to ESXi 8.0U3 including adding the HPE OEM Addon for ESXi 8.0.3 – A12 using VMware vSphere Lifecycle Manager (vLCM) from a single image

Post to Twitter

HOW NOT TO: Compromise your VMware vSphere Hypervisor ESXi 5.1, 5.5, 6.0, 6.5, 6.7, 7.0, 8.0 by adding to Microsoft Active Directory

Thursday, August 22nd, 2024

In this video presentation which is part of the Hancock’s VMware Half Hour I will show you HOW NOT TO: Compromise your VMware vSphere Hypervisor ESXi 5.1, 5.5, 6.0, 6.5, 6.7, 7.0, 8.0 by adding to Microsoft Active Directory. I will demonstrate the exposure, and discuss how to avoid it.

In this video demonstration the ESXi servers are ESXi ARM 7.0, but the same functionality has been built into ESXi since 5.1.

On the 29th July 2024, Microsoft  discovered a vulnerability in ESXi hypervisors being exploited by several ransomware operators to obtain full administrative permissions on domain-joined ESXi hypervisors.

this publication is here – https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/

VMware vExperts – Christian Mohn wrote about it here – VMware vSphere CVE-2024-37085 – A Nothing Burger

and Bob Plankers goes into more detail here – Thoughts on CVE-2024-37085 & VMSA-2024-0013

Please have a read of these publications.

Broadcom have issued updates and fixes to vSphere 7.0 and 8.0, and VCF 4.x and 5.x only. There is no security update for 6.7.

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505

Post to Twitter